dev-sec · cookstyle · Jan 26, 2022
diff --git a/Berksfile b/Berksfile
@@ -1,6 +1,4 @@
-# encoding: utf-8
-
-source 'https://supermarket.getchef.com'
+source 'https://supermarket.chef.io'
 
 metadata
 

diff --git a/Gemfile b/Gemfile
@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 source 'https://rubygems.org'
 
 gem 'berkshelf',  '~> 4.0'

diff --git a/Guardfile b/Guardfile
@@ -1,32 +1,30 @@
-# encoding: utf-8
-
 # Guardfile
 
 guard :rubocop do
   watch(/.+\.rb$/)
-  watch(/(?:.+\/)?\.rubocop\.yml$/) { |m| File.dirname(m[0]) }
+  watch(%r{(?:.+/)?\.rubocop\.yml$}) { |m| File.dirname(m[0]) }
 end
 
 guard :foodcritic, cookbook_paths: '.', cli: '-f any --tags ~FC023' do
-  watch(/attributes\/.+\.rb$/)
-  watch(/providers\/.+\.rb$/)
-  watch(/recipes\/.+\.rb$/)
-  watch(/resources\/.+\.rb$/)
+  watch(%r{attributes/.+\.rb$})
+  watch(%r{providers/.+\.rb$})
+  watch(%r{recipes/.+\.rb$})
+  watch(%r{resources/.+\.rb$})
   watch(/metadata.rb/)
 end
 
 guard :rspec do
-  watch(/^spec\/.+_spec\.rb$/)
-  watch(/^(recipes)\/(.+)\.rb$/)     { |m| "spec/#{m[1]}_spec.rb" }
-  watch('spec/spec_helper.rb')  { 'spec' }
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^(recipes)/(.+)\.rb$}) { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb') { 'spec' }
 end
 
 guard :kitchen, all_on_start: false do
-  watch(/test\/.+/)
-  watch(/^recipes\/(.+)\.rb$/)
-  watch(/^attributes\/(.+)\.rb$/)
-  watch(/^files\/(.+)/)
-  watch(/^templates\/(.+)/)
-  watch(/^providers\/(.+)\.rb/)
-  watch(/^resources\/(.+)\.rb/)
+  watch(%r{test/.+})
+  watch(%r{^recipes/(.+)\.rb$})
+  watch(%r{^attributes/(.+)\.rb$})
+  watch(%r{^files/(.+)})
+  watch(%r{^templates/(.+)})
+  watch(%r{^providers/(.+)\.rb})
+  watch(%r{^resources/(.+)\.rb})
 end
diff --git a/Rakefile b/Rakefile
@@ -1,6 +1,4 @@
 #!/usr/bin/env rake
-# encoding: utf-8
-
 require 'foodcritic'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'

diff --git a/attributes/default.rb b/attributes/default.rb
@@ -1,10 +1,9 @@
-# encoding: utf-8
 #
-# Cookbook Name:: apache-hardening
+# Cookbook:: apache-hardening
 # Attributes:: default
 #
-# Copyright 2014, Edmund Haselwanter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Edmund Haselwanter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/attributes/hardening.rb b/attributes/hardening.rb
@@ -1,10 +1,9 @@
-# encoding: utf-8
 #
-# Cookbook Name:: apache-hardening
+# Cookbook:: apache-hardening
 # Attributes:: default
 #
-# Copyright 2014, Edmund Haselwanter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Edmund Haselwanter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/metadata.rb b/metadata.rb
@@ -1,16 +1,12 @@
 name 'apache-hardening'
 maintainer 'DevSec Hardening Framework Team'
 maintainer_email '[email protected]'
-license 'Apache v2.0'
+license 'Apache-2.0'
 description 'Installs and configures a secure apache server'
-long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 version '1.0.0'
 
 depends 'apache2', '~> 3.2.2'
 
-recipe 'apache-hardening::default', 'calls hardening recipe'
-recipe 'apache-hardening::hardening', 'add hardening configuration apache server'
-
 supports 'amazon'
 supports 'redhat'
 supports 'centos'

diff --git a/recipes/default.rb b/recipes/default.rb
@@ -1,10 +1,9 @@
-# encoding: utf-8
 #
-# Cookbook Name: apache-hardening
+# Cookbook:: Name: apache-hardening
 # Recipe: default
 #
-# Copyright 2014, Edmund Haselwanter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Edmund Haselwanter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,4 +18,4 @@
 # limitations under the License.
 #
 
-include_recipe('apache-hardening::hardening')
+include_recipe 'apache-hardening::hardening'
diff --git a/recipes/hardening.rb b/recipes/hardening.rb
@@ -1,10 +1,9 @@
-# encoding: utf-8
 #
-# Cookbook Name: apache-hardening
+# Cookbook:: Name: apache-hardening
 # Recipe: hardening.rb
 #
-# Copyright 2014, Edmund Haselwanter
-# Copyright 2014, Deutsche Telekom AG
+# Copyright:: 2014, Edmund Haselwanter
+# Copyright:: 2014, Deutsche Telekom AG
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -1,9 +1,6 @@
-# encoding: utf-8
-
 require 'chefspec'
 require 'chefspec/berkshelf'
 require 'coveralls'
 
 # coverage report
 Coveralls.wear!
-at_exit { ChefSpec::Coverage.report! }
diff --git a/spec/unit/recipes/default_spec.rb b/spec/unit/recipes/default_spec.rb
@@ -1,9 +1,6 @@
-# encoding: utf-8
-
 require 'spec_helper'
 
 describe 'apache-hardening::default' do
-
   before { allow_any_instance_of(Chef::Recipe).to receive(:search) }
   let(:runner) { ChefSpec::ServerRunner.new }
   let(:node) { runner.node }
@@ -17,5 +14,4 @@
   it 'includes apache-hardening::hardening recipe' do
     expect(chef_run).to include_recipe('apache-hardening::hardening')
   end
-
 end
diff --git a/spec/unit/recipes/hardening_spec.rb b/spec/unit/recipes/hardening_spec.rb
@@ -1,9 +1,6 @@
-# encoding: utf-8
-
 require 'spec_helper'
 
 describe 'apache-hardening::hardening' do
-
   before { allow_any_instance_of(Chef::Recipe).to receive(:search) }
   let(:runner) { ChefSpec::ServerRunner.new }
   let(:node) { runner.node }
@@ -15,63 +12,46 @@
   end
 
   it 'creates hardening.conf with correct permissions' do
-
     expect(chef_run).to create_template(File.join(chef_run.node['apache']['dir'], '/conf-enabled/', 'hardening.conf')).with(
       user:   'root',
       group:  chef_run.node['apache']['root_group'],
       mode:   '0640'
     )
-
   end
 
   # Since we cannot test the definition apache_module itself, we have to test for a side effect to happen
   # We check for the not present module file in mods_enabled
   it 'disables specified apache modules' do
-
     chef_run.node['apache_hardening']['modules_to_disable'].each do |module_to_disable|
       expect(chef_run).to_not create_file_if_missing("#{chef_run.node['apache']['dir']}/mods-enabled/#{module_to_disable}.load")
     end
-
   end
 
   it 'checks that the correct alias.conf.erb template is being used' do
-
     chef_run.run_context.resource_collection.each do |resource|
-
       next unless resource.name == "#{chef_run.node['apache']['dir']}/mods-available/alias.conf"
 
       expect(resource.cookbook).to eq('apache-hardening')
-
     end
-
   end
 
   it 'makes sure that it does not flap on o-rw' do
-
     chef_run.run_context.resource_collection.each do |resource|
-
       next unless (resource.respond_to? :mode) && !resource.mode.nil?
 
       expect(resource.mode).to eq('0750') if resource.name =~ /#{chef_run.node['apache']['dir']}/ && resource.mode[1].eql?('7')
       expect(resource.mode).to eq('0640') if resource.name =~ /#{chef_run.node['apache']['dir']}/ && resource.mode[1].eql?('6')
       expect(resource.mode).to eq('0640') if resource.name == 'apache2.conf'
-
     end
-
   end
 
   it 'executes "remove world readable files"' do
-
     stub_command("find /etc/apache2 -perm -o+r -type f -o -perm -o+w -type f | wc -l | egrep '^0$'").and_return(false)
     expect(chef_run).to run_execute('remove world readable files')
-
   end
 
   it 'does not execute "remove world readable files"' do
-
     stub_command("find /etc/apache2 -perm -o+r -type f -o -perm -o+w -type f | wc -l | egrep '^0$'").and_return(true)
     expect(chef_run).to_not run_execute('remove world readable files')
-
   end
-
 end