Enter sha256 binary sum in report files

[releng-anteater.git] / master_list.yaml

diff --git a/master_list.yaml b/master_list.yaml
index 178dde4..0247250 100644 (file)
--- a/master_list.yaml
+++ b/master_list.yaml
@@ -44,6 +44,7 @@ file_audits:
     - omniauth\.rb
     - carrierwave\.rb
     - schema\.rb
+    - knife\.rb
     - database\.yml
     - settings\.py
     - keychain
@@ -53,6 +54,25 @@ file_audits:
     - kwallet
     - aws_access_key_id
     - aws_secret_access_key
+    - otr\.private_key
+    - ovpn
+    - agilekeychain
+    - \.log
+    - gnucash
+    - backup
+    - jenkins\.plugins\.publish_over_ssh\.BapSshPublisherPlugin\.xml
+    - LocalSettings\.php
+    - tblk
+    - Favorites\.plist
+    - configuration\.user\.xpl
+    - tugboat
+    - git-credentials
+    - git-config
+    - proftpdpasswd
+    - robomongo\.json
+    - filezilla\.xml
+    - recentservers\.xml
+    - ventrilo_srv\.ini
 
   file_contents:
     private_key:
@@ -101,9 +121,7 @@ file_audits:
 
     ripemd:
       regex: ripemd
-      desc: |
-        "RACE Integrity Primitives Evaluation Message Digest
-        is an insecure hashing algorithm"
+      desc: "RACE Message Digest is an insecure hashing algorithm"
 
     secret:
       regex: secret
@@ -152,38 +170,29 @@ file_audits:
     apprun:
       regex: app\.run\s*\(.*debug.*=.*True.*\)
       desc: |
-        "Running flask in debug mode can give away sensitive data on a
-        systems configuration"
+        "Running flask in debug mode can give away sensitive data"
 
     autoescape:
       regex: autoescape.*=.*False
-      desc: |
-        "Without escaping HTML input an application becomes
-        vulnerable to Cross Site Scripting (XSS) attacks."
+      desc: "Not escaping HTML input is vulnerable to XSS attacks."
 
     safestring:
       regex: safestring\.mark_safe.*\(.*\)
-      desc: |
-        "Without escaping HTML input an application becomes
-        vulnerable to Cross Site Scripting (XSS) attacks."
+      desc: "Not escaping HTML input is vulnerable to XSS attacks."
 
     shelltrue:
       regex: shell.*=.*True
-      desc: |
-        "Shell=True can lead to dangerous shell escapes,
-        expecially when the input can be crafted by untrusted external input"
+      desc: "Shell=True can lead to dangerous shell escapes"
 
     tmp:
       regex: \/tmp\/
       desc: |
-        "Use of tmp directories can be dangerous. Its world writable and
-        accessable, and can be easily guessed by attackers"
+        "tmp directories are risky. They are world writable and easily guessed"
 
     yamlload:
       regex: \yaml\.load
       desc: |
-        "Avoid dangerous file parsing and object serialization libraries,
-        use instead `yaml.safe_load`"
+        "Avoid dangerous file parsing & serialization libs, use yaml.safe_load"
 
     telnet:
       regex: telnet
@@ -196,6 +205,13 @@ file_audits:
     finger:
       regex: \bfinger\b
       desc: "Avoid coms applications that transmit credentials in clear text"
+    allint:
+      regex: 0\.0\.0\.0
+      desc: "Interface listening on all addresses - may break security zones"
+
+file_ignore:
+  - '.rst'
+  - '.md'
 
 licence:
   licence_ext:
@@ -232,3 +248,12 @@ project_exceptions:
   - releng: exceptions/releng.yaml
   - sandbox: exceptions/sandbox.yaml
   - yardstick: exceptions/yardstick.yaml
+  - infra: exceptions/infra.yaml
+  - ipv6: exceptions/ipv6.yaml
+  - joid: exceptions/joid.yaml
+  - kvmfornfv: exceptions/kvmfornfv.yaml
+  - lsoapi: exceptions/lsoapi.yaml
+  - models: exceptions/models.yaml
+  - moon: exceptions/moon.yaml
+  - multisite: exceptions/multisite.yaml
+  - netready: exceptions/netready.yaml