(CONT-339) Add Top Scope Facts Check

chelnak · chelnak · commit 5ea6e0bb22c9 · 2023-02-20T16:38:08.000Z
This commit introduces the top_scope_facts check. The plugin originated here: https://github.com/mmckinst/puppet-lint-top_scope_facts-check and was authored by mmckinst. Permission has been given to migrate this check to puppet-lints default plugin set in this PR: mmckinst/puppet-lint-top_scope_facts-check#11
diff --git a/lib/puppet-lint/plugins/top_scope_facts/top_scope_facts.rb b/lib/puppet-lint/plugins/top_scope_facts/top_scope_facts.rb
@@ -0,0 +1,23 @@
+PuppetLint.new_check(:top_scope_facts) do
+  TOP_SCOPE_FACTS_VAR_TYPES = Set[:VARIABLE, :UNENC_VARIABLE]
+  def check
+    whitelist = ['trusted', 'facts'] + (PuppetLint.configuration.top_scope_variables || [])
+    whitelist = whitelist.join('|')
+    tokens.select { |x| TOP_SCOPE_FACTS_VAR_TYPES.include?(x.type) }.each do |token|
+      next unless token.value.match(/^::/)
+      next if token.value.match(/^::(#{whitelist})\[?/)
+      next if token.value =~ /^::[a-z0-9_][a-zA-Z0-9_]+::/
+
+      notify :warning, {
+        :message => 'top scope fact instead of facts hash',
+        :line    => token.line,
+        :column  => token.column,
+        :token   => token,
+      }
+    end
+  end
+
+  def fix(problem)
+    problem[:token].value = "facts['" + problem[:token].value.sub(/^::/, '') + "']"
+  end
+end
diff --git a/puppet-lint.gemspec b/puppet-lint.gemspec
@@ -32,5 +32,5 @@ Gem::Specification.new do |spec|
   ]
   spec.license = 'MIT'
 
-  spec.required_ruby_version = Gem::Requirement.new('>= 2.7'.freeze)
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.5'.freeze)
 end
diff --git a/spec/unit/puppet-lint/plugins/top_scope_facts/top_scope_facts_spec.rb b/spec/unit/puppet-lint/plugins/top_scope_facts/top_scope_facts_spec.rb
@@ -0,0 +1,194 @@
+require 'spec_helper'
+
+describe 'top_scope_facts' do
+  let(:msg) { 'top scope fact instead of facts hash' }
+  context 'with fix disabled' do
+    context 'fact variable using $facts hash' do
+      let(:code) { "$facts['operatingsystem']" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+    context 'non-fact variable with two colons' do
+      let(:code) { "$foo::bar" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'top scope $::facts hash' do
+      let(:code) { "$::facts['os']['family']" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'top scope $::trusted hash' do
+      let(:code) { "$::trusted['certname']" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'fact variable using top scope' do
+      let(:code) { '$::operatingsystem' }
+
+      it 'should only detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'should create a warning' do
+        expect(problems).to contain_warning(msg).on_line(1).in_column(1)
+      end
+    end
+
+    context 'fact variable using top scope with curly braces in double quote' do
+      let(:code) { '"${::operatingsystem}"' }
+
+      it 'should only detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'should create a warning' do
+        expect(problems).to contain_warning(msg).on_line(1).in_column(4)
+      end
+    end
+
+    context 'out of scope namespaced variable with leading ::' do
+      let(:code) { '$::profile::foo::bar' }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+
+      context 'inside double quotes' do
+        let(:code) { '"$::profile::foo::bar"' }
+
+        it 'should not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+
+
+      context 'with curly braces in double quote' do
+        let(:code) { '"${::profile::foo::bar}"' }
+
+        it 'should not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+    end
+  end
+
+  context 'with fix enabled' do
+    before do
+      PuppetLint.configuration.fix = true
+    end
+
+    after do
+      PuppetLint.configuration.fix = false
+    end
+
+    context 'fact variable using $facts hash' do
+      let(:code) { "$facts['operatingsystem']" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'non-fact variable with two colons' do
+      let(:code) { "$foo::bar" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'top scope $::facts hash' do
+      let(:code) { "$::facts['os']['family']" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'top scope $::trusted hash' do
+      let(:code) { "$::trusted['certname']" }
+
+      it 'should not detect any problems' do
+        expect(problems).to have(0).problem
+      end
+    end
+
+    context 'fact variable using top scope' do
+      let(:code) { '$::operatingsystem' }
+
+      it 'should only detect a single problem' do
+        expect(problems).to have(1).problem
+      end
+
+      it 'should fix the problem' do
+        expect(problems).to contain_fixed(msg).on_line(1).in_column(1)
+      end
+
+      it 'should should use the facts hash' do
+        expect(manifest).to eq("$facts['operatingsystem']")
+      end
+    end
+
+    context 'fact variable using top scope with curly braces in double quote' do
+      let(:code) { '"${::operatingsystem}"' }
+
+      it 'should fix the problem' do
+        expect(problems).to contain_fixed(msg).on_line(1).in_column(4)
+      end
+
+      it 'should should use the facts hash' do
+        expect(manifest).to eq('"${facts[\'operatingsystem\']}"')
+      end
+    end
+
+    context 'with custom top scope fact variables' do
+      before do
+        PuppetLint.configuration.top_scope_variables = ['location', 'role']
+      end
+
+      context 'fact variable using $facts hash' do
+        let(:code) { "$facts['operatingsystem']" }
+
+        it 'should not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+
+      context 'fact variable using $trusted hash' do
+        let(:code) { "$trusted['certname']" }
+
+        it 'should not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+
+      context 'whitelisted top scope variable $::location' do
+        let(:code) { "$::location" }
+
+        it 'should not detect any problems' do
+          expect(problems).to have(0).problem
+        end
+      end
+
+      context 'non-whitelisted top scope variable $::application' do
+        let(:code) { "$::application" }
+
+        it 'should not detect any problems' do
+          expect(problems).to have(1).problem
+        end
+      end
+    end
+  end
+end

Original file line number	Diff line number	Diff line change
`@@ -32,5 +32,5 @@ Gem::Specification.new do \|spec\|`
`32`	`32`	`]`
`33`	`33`	`spec.license = 'MIT'`
`34`	`34`
`35`		`- spec.required_ruby_version = Gem::Requirement.new('>= 2.7'.freeze)`
	`35`	`+ spec.required_ruby_version = Gem::Requirement.new('>= 2.5'.freeze)`
`36`	`36`	`end`