---
# Semgrep rule: flag Ansible dnf/dnf5 tasks whose package argument is a URL
# served over a cleartext scheme. A package fetched over plain http:// or
# ftp:// can be read or altered in transit, so the finding points at the
# transport, not at the package itself; the fix is an https:// (or local)
# source. The rule does not look at other task options such as
# `disable_gpg_check`, so signature verification is out of scope here.
rules:
  - id: dnf-unencrypted-url
    message: Found dnf download with unencrypted URL (e.g. HTTP, FTP, etc.)
    # The Ansible playbooks/tasks being scanned are YAML documents.
    languages: [yaml]
    severity: WARNING
    metadata:
      category: security
      cwe: 'CWE-319: Cleartext Transmission of Sensitive Information'
      subcategory: [audit]
      technology: [ansible, dnf]
      confidence: HIGH
      likelihood: HIGH
      impact: HIGH
      # Module docs for the `name` parameter of both module generations.
      references:
        - https://docs.ansible.com/ansible/latest/collections/ansible/builtin/dnf_module.html#parameter-name
        - https://docs.ansible.com/ansible/latest/collections/ansible/builtin/dnf5_module.html#parameter-name
    # All entries below are ANDed: the match must sit inside a dnf/dnf5
    # task, on a `name`/`pkg` key, with a value matching the scheme regex.
    patterns:
      # 1. Restrict to the body of a task keyed by one of the dnf modules.
      - pattern-inside: |
          $DNF:
            ...
      - metavariable-pattern:
          metavariable: $DNF
          pattern-either:
            - pattern: dnf
            - pattern: ansible.builtin.dnf
            - pattern: dnf5
            - pattern: ansible.builtin.dnf5
      # 2. Capture the package argument: `name` or its alias `pkg`.
      - pattern: "$KEY: '$VALUE'"
      - metavariable-pattern:
          metavariable: $KEY
          pattern-either:
            - pattern: name
            - pattern: pkg
      # 3. Only http:// and ftp:// (case-insensitive) are reported; https://
      #    and non-URL package names do not match. Single quotes keep the
      #    regex free of YAML escape processing.
      - metavariable-regex:
          metavariable: $VALUE
          regex: '(?i)^(http|ftp)://.*'