Merge pull request #124 from shortdudey123/update_test

Update Rubocop, Foodcritic, and Chefspec coverage

Author: atomic111

.gitignore

@@ -1,9 +1,24 @@
-README.pdf
-README.html
-shared_test_repo/
-test/integration
-.kitchen
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
 coverage
+exp.*
+pkg/
+shared_test_repo/
 
-Gemfile.lock
+# Berkshelf
+.vagrant
+/cookbooks
 Berksfile.lock
+
+# Bundler
+Gemfile.lock
+bin/*
+.bundle/*
+
+# Test Kitchen
+.kitchen/
+.kitchen.local.yml

.rubocop.yml

@@ -1,33 +1,32 @@
 ---
 AllCops:
+  DisplayCopNames: true
   Exclude:
   - vendor/**/*
   - test/**/*
-  - metadata.rb
-  - Berksfile
-  - Guardfile
-Documentation:
-  Enabled: false
-AlignParameters:
-  Enabled: true
-Encoding:
-  Enabled: true
-HashSyntax:
-  Enabled: true
-LineLength:
-  Enabled: false
-EmptyLinesAroundBlockBody:
-  Enabled: false
-MethodLength:
-  Max: 40
-NumericLiterals:
-  MinDigits: 10
+Metrics/AbcSize:
+  Max: 29
 Metrics/CyclomaticComplexity:
   Max: 10
+Metrics/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Max: 40
 Metrics/PerceivedComplexity:
   Max: 10
-Metrics/AbcSize:
-  Max: 29
+Style/Documentation:
+  Enabled: false
 Style/DotPosition:
   EnforcedStyle: trailing
   Enabled: true
+Style/Encoding:
+  EnforcedStyle: always
+  Enabled: true
+Style/ExtraSpacing:
+  Exclude:
+    - attributes/default.rb
+Style/RegexpLiteral:
+  AllowInnerSlashes: true
+Style/SpaceAroundOperators:
+  Exclude:
+    - attributes/default.rb

Berksfile

@@ -1,7 +1,9 @@
-source "https://supermarket.getchef.com"
+# encoding: utf-8
+
+source 'https://supermarket.chef.io'
 
 metadata
 
-cookbook "chef-solo-search", :git => "https://github.com/edelight/chef-solo-search"
-cookbook "apt"
-cookbook "yum"
+cookbook 'chef-solo-search', git: 'https://github.com/edelight/chef-solo-search'
+cookbook 'apt'
+cookbook 'yum'

Gemfile

@@ -14,9 +14,9 @@ end
 group :test do
   gem 'rake'
   gem 'chefspec',   '~> 4.2.0'
-  gem 'foodcritic', '~> 4.0'
+  gem 'foodcritic', '~> 6.3'
   gem 'thor-foodcritic'
-  gem 'rubocop',    '~> 0.31.0'
+  gem 'rubocop',    '~> 0.43.0'
   gem 'coveralls',  require: false
   gem 'minitest', '~> 5.5'
   gem 'simplecov', '~> 0.10'
@@ -25,7 +25,7 @@ end
 group :development do
   gem 'guard'
   gem 'guard-rspec'
-  gem 'guard-kitchen'
+  # gem 'guard-kitchen' # guard-kitchen is not compatable with Guard 2.x
   gem 'guard-rubocop'
   gem 'guard-foodcritic'
 end

Guardfile

@@ -17,16 +17,17 @@ end
 
 guard :rspec do
   watch(/^spec\/.+_spec\.rb$/)
-  watch(/^(recipes)\/(.+)\.rb$/)     { |m| "spec/#{m[1]}_spec.rb" }
-  watch('spec/spec_helper.rb')  { 'spec' }
+  watch(/^(recipes)\/(.+)\.rb$/) { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb') { 'spec' }
 end
 
-guard :kitchen, all_on_start: false do
-  watch(/test\/.+/)
-  watch(/^recipes\/(.+)\.rb$/)
-  watch(/^attributes\/(.+)\.rb$/)
-  watch(/^files\/(.+)/)
-  watch(/^templates\/(.+)/)
-  watch(/^providers\/(.+)\.rb/)
-  watch(/^resources\/(.+)\.rb/)
-end
+# guard-kitchen is not compatable with Guard 2.x
+# guard :kitchen, all_on_start: false do
+#   watch(/test\/.+/)
+#   watch(/^recipes\/(.+)\.rb$/)
+#   watch(/^attributes\/(.+)\.rb$/)
+#   watch(/^files\/(.+)/)
+#   watch(/^templates\/(.+)/)
+#   watch(/^providers\/(.+)\.rb/)
+#   watch(/^resources\/(.+)\.rb/)
+# end

Rakefile

@@ -56,7 +56,7 @@ begin
 
   # build changelog
   require 'github_changelog_generator/task'
-  GitHubChangelogGenerator::RakeTask.new :changelog  do |config|
+  GitHubChangelogGenerator::RakeTask.new :changelog do |config|
     config.future_release = "v#{metadata.version}"
   end
 rescue LoadError

gemfile.chef-11

@@ -15,7 +15,7 @@ group :test do
   gem 'chefspec',   '~> 4.1.1'
   gem 'foodcritic', '~> 3.0'
   gem 'thor-foodcritic'
-  gem 'rubocop',    '~> 0.28.0'
+  gem 'rubocop',    '~> 0.43.0'
   gem 'coveralls',  require: false
 end
 

libraries/get_ssh_ciphers.rb

@@ -23,34 +23,33 @@
 class Chef
   class Recipe
     class SshCipher
-      # rubocop:disable AbcSize
       def self.get_ciphers(node, cbc_required)
         weak_ciphers = cbc_required ? 'weak' : 'default'
 
         # define cipher set
-        ciphers_53 = {}
-        ciphers_53.default = 'aes256-ctr,aes192-ctr,aes128-ctr'
-        ciphers_53['weak'] = ciphers_53['default'] + ',aes256-cbc,aes192-cbc,aes128-cbc'
+        ciphers53 = {}
+        ciphers53.default = 'aes256-ctr,aes192-ctr,aes128-ctr'
+        ciphers53['weak'] = ciphers53['default'] + ',aes256-cbc,aes192-cbc,aes128-cbc'
 
-        ciphers_66 = {}
-        ciphers_66.default = '[email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr'
-        ciphers_66['weak'] = ciphers_66['default'] + ',aes256-cbc,aes192-cbc,aes128-cbc'
+        ciphers66 = {}
+        ciphers66.default = '[email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr'
+        ciphers66['weak'] = ciphers66['default'] + ',aes256-cbc,aes192-cbc,aes128-cbc'
 
         # determine the cipher for the operating system
-        cipher = ciphers_53
+        cipher = ciphers53
 
         # use newer ciphers on ubuntu
         if node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 14.04
           Chef::Log.info('Detected Ubuntu 14.04 or newer, use new ciphers')
-          cipher = ciphers_66
+          cipher = ciphers66
 
         elsif node['platform'] == 'debian' && node['platform_version'].to_f >= 8
           Chef::Log.info('Detected Debian 8 or newer, use new ciphers')
-          cipher = ciphers_66
+          cipher = ciphers66
 
         elsif node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 7
           Chef::Log.info('Detected RedHat Family with version 7 or newer, use new ciphers')
-          cipher = ciphers_66
+          cipher = ciphers66
         end
 
         Chef::Log.info("Choose cipher: #{cipher[weak_ciphers]}")

libraries/get_ssh_kex.rb

@@ -27,30 +27,30 @@ class SshKex
       def self.get_kexs(node, weak_kex) # rubocop:disable CyclomaticComplexity, PerceivedComplexity
         weak_kex = weak_kex ? 'weak' : 'default'
 
-        kex_59 = {}
-        kex_59.default = 'diffie-hellman-group-exchange-sha256'
-        kex_59['weak'] = kex_59['default'] + ',diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
+        kex59 = {}
+        kex59.default = 'diffie-hellman-group-exchange-sha256'
+        kex59['weak'] = kex59['default'] + ',diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
 
-        kex_66 = {}
-        kex_66.default = '[email protected],diffie-hellman-group-exchange-sha256'
-        kex_66['weak'] = kex_66['default'] + ',diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
+        kex66 = {}
+        kex66.default = '[email protected],diffie-hellman-group-exchange-sha256'
+        kex66['weak'] = kex66['default'] + ',diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1'
 
         # determine the kex for the operating system
-        kex = kex_59
+        kex = kex59
 
         # use newer kex on ubuntu 14.04
         if node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 14.04
           Chef::Log.info('Detected Ubuntu 14.04 or newer, use new key exchange algorithms')
-          kex = kex_66
+          kex = kex66
 
         elsif node['platform'] == 'debian' && node['platform_version'].to_f >= 8
           Chef::Log.info('Detected Debian 8 or newer, use new key exchange algorithms')
-          kex = kex_66
+          kex = kex66
 
         # use newer kex for redhat version 7 or newer
         elsif node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 7
           Chef::Log.info('Detected Redhat 7 or newer, use new key exchange algorithms')
-          kex = kex_66
+          kex = kex66
 
         # deactivate kex on redhat version 6
         elsif node['platform_family'] == 'rhel' && node['platform_version'].to_f < 7

libraries/get_ssh_macs.rb

@@ -27,43 +27,43 @@ class SshMac
       def self.get_macs(node, weak_hmac) # rubocop:disable CyclomaticComplexity, PerceivedComplexity
         weak_macs = weak_hmac ? 'weak' : 'default'
 
-        macs_53 = {}
-        macs_53.default = 'hmac-ripemd160,hmac-sha1'
+        macs53 = {}
+        macs53.default = 'hmac-ripemd160,hmac-sha1'
 
-        macs_59 = {}
-        macs_59.default = 'hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'
-        macs_59['weak'] = macs_59['default'] + ',hmac-sha1'
+        macs59 = {}
+        macs59.default = 'hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'
+        macs59['weak'] = macs59['default'] + ',hmac-sha1'
 
-        macs_66 = {}
-        macs_66.default = '[email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'
-        macs_66['weak'] = macs_66['default'] + ',hmac-sha1'
+        macs66 = {}
+        macs66.default = '[email protected],[email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,hmac-ripemd160'
+        macs66['weak'] = macs66['default'] + ',hmac-sha1'
 
         # determine the mac for the operating system
-        macs = macs_59
+        macs = macs59
 
         # use newer macs on ubuntu 14.04
         if node['platform'] == 'ubuntu' && node['platform_version'].to_f >= 14.04
           Chef::Log.info('Detected Ubuntu 14.04 or newer, use new macs')
-          macs = macs_66
+          macs = macs66
 
         elsif node['platform'] == 'debian' && node['platform_version'].to_f >= 8
           Chef::Log.info('Detected Debian 8 or newer, use new macs')
-          macs = macs_66
+          macs = macs66
 
         # use newer macs for rhel >= 7
         elsif node['platform_family'] == 'rhel' && node['platform_version'].to_f >= 7
           Chef::Log.info('Detected RedHat Family with version 7 or newer, use new macs')
-          macs = macs_66
+          macs = macs66
 
         # stick to 53 for rhel <= 6
         elsif node['platform_family'] == 'rhel' && node['platform_version'].to_f < 7
           Chef::Log.info('Detected RedHat Family, use old macs')
-          macs = macs_53
+          macs = macs53
 
         # use older mac for debian <= 6
         elsif node['platform'] == 'debian' && node['platform_version'].to_f <= 6
           Chef::Log.info('Detected Debian 6 or earlier, use old macs')
-          macs = macs_53
+          macs = macs53
         end
 
         Chef::Log.info("Choose macs: #{macs[weak_macs]}")

metadata.rb

@@ -15,14 +15,17 @@
 # limitations under the License.
 #
 
-name             "ssh-hardening"
-maintainer       "Dominik Richter"
-maintainer_email "[email protected]"
-license          "Apache 2.0"
-description      "This cookbook installs and provides secure ssh and sshd configurations."
+name             'ssh-hardening'
+maintainer       'Dominik Richter'
+maintainer_email '[email protected]'
+license          'Apache 2.0'
+description      'This cookbook installs and provides secure ssh and sshd configurations.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          "1.2.1"
+version          '1.2.1'
 
 recipe 'ssh-hardening::default', 'installs and configures ssh client and server'
 recipe 'ssh-hardening::client', 'install and apply security hardening for ssh client'
 recipe 'ssh-hardening::server', 'install and apply security hardening for ssh server'
+
+source_url 'https://github.com/dev-sec/chef-ssh-hardening'
+issues_url 'https://github.com/dev-sec/chef-ssh-hardening/issues'