# Fixture for RiskyFilePermissionsRule should return 11 occurrences
#
# Negative fixture: every task below is expected to be flagged, so none of the
# missing or invalid `mode` values here should be "fixed". The expected
# findings per play are: 1 + 1 + 1 + 2 + 2 + 1 + 1 + 1 + 1 = 11.
# The `# noqa: fqcn[action-core]` markers only silence the FQCN rule for the
# short module names; they are not expected to affect this rule's count.
---
# Expected finding 1: `mode: preserve` on ini_file (preserve is only
# meaningful for modules that copy from a source, e.g. copy/template).
- name: FAIL_INI_PRESERVE
  hosts: all
  tasks:
    - name: Ini_file does not accept preserve mode
      community.general.ini_file:
        path: foo
        create: true
        mode: preserve
        section: bar

# Expected finding 2: `create: true` may create the file, but no `mode` is
# given, so the new file's permissions fall back to the remote umask.
- name: FAIL_INI_PERMISSION
  hosts: all
  tasks:
    - name: Permissions needed if create is used
      community.general.ini_file:
        path: foo
        create: true
        section: bar

# Expected finding 3: `mode: preserve` on ansible.builtin.file.
- name: FAIL_PRESERVE_MODE
  hosts: all
  tasks:
    - name: File does not allow preserve value for mode
      ansible.builtin.file:
        path: foo
        mode: preserve

# Expected findings 4 and 5: `state: touch` can create the file, with no
# `mode`; once via the short module name, once via the FQCN.
- name: FAIL_MISSING_PERMISSIONS_TOUCH
  hosts: all
  tasks:
    - name: Permissions missing and might create file # noqa: fqcn[action-core]
      file:
        path: foo
        state: touch
    - name: Permissions missing and might create file (fqcn)
      ansible.builtin.file:
        path: foo
        state: touch

# Expected findings 6 and 7: `state: directory` without `mode`, and a
# lineinfile with `create: true` and no `mode`.
# NOTE(review): the second task duplicates the FAIL_LINEINFILE_CREATE case
# below rather than the directory case named by this play; presumably
# intentional padding for the count of 11 — confirm before changing.
- name: FAIL_MISSING_PERMISSIONS_DIRECTORY
  hosts: all
  tasks:
    - name: Permissions missing and might create directory # noqa: fqcn[action-core]
      file:
        path: foo
        state: directory
    - name: Lineinfile when create is true (fqcn)
      ansible.builtin.lineinfile:
        path: foo
        create: true
        line: some content here

# Expected finding 8: get_url writes `dest` without a `mode`.
# NOTE(review): unlike the other plays, the noqa marker sits on its own line
# rather than on the task's name line — confirm the suppression still applies.
- name: FAIL_MISSING_PERMISSIONS_GET_URL
  hosts: all
  tasks:
    - name: Permissions missing
      # noqa: fqcn[action-core]
      get_url:
        url: http://foo
        dest: foo

# Expected finding 9: lineinfile with `create: true` and no `mode`.
- name: FAIL_LINEINFILE_CREATE
  hosts: all
  tasks:
    - name: Lineinfile when create is true
      ansible.builtin.lineinfile:
        path: foo
        create: true
        line: some content here

# Expected finding 10: `mode: preserve` on replace.
- name: FAIL_REPLACE_PRESERVE
  hosts: all
  tasks:
    - name: Replace does not allow preserve mode # noqa: fqcn[action-core]
      replace:
        path: foo
        mode: preserve
        regexp: foo

# Expected finding 11: owner/group are set but `mode` exists only as a
# comment, so it is not part of the task and the directory is still created
# without explicit permissions.
- name: FAIL_PERMISSION_COMMENT
  hosts: all
  tasks:
    - name: Permissions is only a comment # noqa: fqcn[action-core]
      file:
        path: foo
        owner: root
        group: root
        state: directory
        # mode: 0755