From 175872819785af14116c8c90646a59332cbc35e2 Mon Sep 17 00:00:00 2001 From: Ice3man543 Date: Mon, 25 May 2020 17:22:12 +0530 Subject: [PATCH] Linting refactor to make yamllint happy --- .github/workflows/syntax-checking.yml | 22 +-- basic-detections/general-tokens.yaml | 28 ++-- panels/webeditors.yaml | 6 +- security-misconfiguration/basic-cors.yaml | 2 +- subdomain-takeover/detect-all-takeovers.yaml | 168 +++++++++---------- tokens/slack-access-token.yaml | 4 +- vulnerabilities/cached-aem-pages.yaml | 2 +- 7 files changed, 116 insertions(+), 116 deletions(-) diff --git a/.github/workflows/syntax-checking.yml b/.github/workflows/syntax-checking.yml index 03c91508cb..cfb14aa8b7 100644 --- a/.github/workflows/syntax-checking.yml +++ b/.github/workflows/syntax-checking.yml @@ -1,19 +1,21 @@ name: syntax-checking -on: +"on": push: - branches: [ master ] + branches: + - master pull_request: - branches: [ master ] + branches: + - master jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: 'Yamllint' - uses: karancode/yamllint-github-action@master - with: - yamllint_config_filepath: .yamllint - yamllint_strict: false - yamllint_comment: true + - uses: actions/checkout@v2 + - name: Yamllint + uses: karancode/yamllint-github-action@master + with: + yamllint_config_filepath: .yamllint + yamllint_strict: false + yamllint_comment: true diff --git a/basic-detections/general-tokens.yaml b/basic-detections/general-tokens.yaml index b3d8ec5450..d963519d69 100644 --- a/basic-detections/general-tokens.yaml +++ b/basic-detections/general-tokens.yaml @@ -1,7 +1,5 @@ id: general-tokens -#this will create a huge load of false positive - info: name: General Tokens author: nadino 
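Review bot: In `.github/workflows/syntax-checking.yml` the re-indented step still references `karancode/yamllint-github-action@master`, a mutable branch of a third-party action, so whatever is later pushed to that branch runs in this repository's CI on every push and pull request. Pinning to a reviewed full commit SHA closes that gap, for example `uses: karancode/yamllint-github-action@<full-commit-sha>` (placeholder; the page does not show a SHA). `actions/checkout@v2` is a moving tag as well and could be pinned the same way. Since `yamllint_comment: true` suggests the action writes to pull requests, it is also worth checking that the job's token has no more scope than that needs.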
@@ -10,23 +8,23 @@ info: requests: - method: GET path: - - "{{BaseURL}}" + - '{{BaseURL}}' matchers: - type: dsl dsl: - - 'regex("TOKEN[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any TOKEN word - - 'regex("API[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any API word - - 'regex("KEY[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any KEY word - - 'regex("SECRET[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any SECRET word - - 'regex("AUTHORIZATION[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any AUTHORIZATION word - - 'regex("PASSWORD[\\-|_|A-Z0-9]*(\''|\")?(:|=)(\''|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body)," ",""))' #any PASSWORD word + - regex("TOKEN[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("API[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("KEY[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("SECRET[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("AUTHORIZATION[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) + - regex("PASSWORD[\\-|_|A-Z0-9]*(\'|\")?(:|=)(\'|\")?[\\-|_|A-Z0-9]{10}",replace(toupper(body),"","")) extractors: - type: regex part: body regex: - - "(T|t)(O|o)(K|k)(E|e)(N|n)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)+( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - - "(A|a)(P|p)(Ii)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - - "(K|k)(E|e)(Y|y)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - - "(S|s)(E|e)(C|c)(R|r)(E|e)(T|t)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" 
- - "(A|a)(U|u)(T|t)(H|h)(O|o)(R|r)(I|i)(Z|z)(A|a)(T|t)(I|i)(O|o)(N|n)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" - - "(P|p)(A|a)(S|s)(S|s)(W|w)(O|o)(R|r)(D|d)[\\-|_|A-Za-z0-9]*(\''|\")?( )*(:|=)( )*(\''|\")?[ 0-9A-Za-z\\-_]+(\''|\")?" + - (T|t)(O|o)(K|k)(E|e)(N|n)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)+()*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? + - (A|a)(P|p)(Ii)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)( )*(\''|")?[0-9A-Za-z\-_]+(\''|")? + - (K|k)(E|e)(Y|y)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)( )*(\''|")?[0-9A-Za-z\-_]+(\''|")? + - (S|s)(E|e)(C|c)(R|r)(E|e)(T|t)[\-|_|A-Za-z0-9]*(\''|")?( )*(:|=)()*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? + - (A|a)(U|u)(T|t)(H|h)(O|o)(R|r)(I|i)(Z|z)(A|a)(T|t)(I|i)(O|o)(N|n)[\-|_|A-Za-z0-9]*(\''|")?()*(:|=)( )*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? + - (P|p)(A|a)(S|s)(S|s)(W|w)(O|o)(R|r)(D|d)[\-|_|A-Za-z0-9]*(\''|")?()*(:|=)( )*(\''|")?[ 0-9A-Za-z\-_]+(\''|")? diff --git a/panels/webeditors.yaml b/panels/webeditors.yaml index be02e0f18d..cb127e750e 100644 --- a/panels/webeditors.yaml +++ b/panels/webeditors.yaml @@ -9,12 +9,12 @@ requests: - method: GET path: - "{{BaseURL}}/fckeditor/_samples/default.html" - - "{{BaseURL}}/ckeditor/samples/" + - "{{BaseURL}}/ckeditor/samples/" - "{{BaseURL}}/editor/ckeditor/samples/" - "{{BaseURL}}/ckeditor/samples/sample_posteddata.php" - - "{{BaseURL}}/editor/ckeditor/samples/sample_posteddata.php" + - "{{BaseURL}}/editor/ckeditor/samples/sample_posteddata.php" - "{{BaseURL}}/fck/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php" - - "{{BaseURL}}/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellcheckder.php" + - "{{BaseURL}}/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellcheckder.php" - "{{BaseURL}}/ueditor/php/getRemoteImage.php" matchers: - type: word diff --git a/security-misconfiguration/basic-cors.yaml b/security-misconfiguration/basic-cors.yaml index 11888a28ee..1ebe0fd57d 100644 
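Review bot: In `basic-detections/general-tokens.yaml` the new DSL matchers call `replace(toupper(body),"","")` where the removed lines had `replace(toupper(body)," ","")`, so as shown the body is no longer stripped of spaces before matching and assignments written as `key = value` would stop matching. Several extractors lost a space in the same way (`( )*` became `()*`, and `[ 0-9A-Za-z\-_]` became `[0-9A-Za-z\-_]` in the API and KEY patterns), which changes what is captured. A lint-only commit should leave the patterns byte-identical; keeping each one quoted, as in `- 'regex("TOKEN…{10}",replace(toupper(body)," ",""))'`, satisfies yamllint without exposing significant whitespace to reflow. Separately, `(A|a)(P|p)(Ii)` in the API extractor matches the literal text `Ii` on both sides of the diff and was presumably meant to be `(I|i)`. The first hunk of this file also drops `#this will create a huge load of false positive`; that triage warning is worth keeping, reformatted as `# this will create a huge load of false positives`.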
--- a/security-misconfiguration/basic-cors.yaml +++ b/security-misconfiguration/basic-cors.yaml @@ -10,7 +10,7 @@ requests: path: - "{{BaseURL}}" headers: - Origin: https://evil.com + Origin: "https://evil.com" matchers: - type: word words: diff --git a/subdomain-takeover/detect-all-takeovers.yaml b/subdomain-takeover/detect-all-takeovers.yaml index 1178c5f3c2..0a58e00fdb 100644 --- a/subdomain-takeover/detect-all-takeovers.yaml +++ b/subdomain-takeover/detect-all-takeovers.yaml 
@@ -41,310 +41,310 @@ requests: - type: regex name: worksites regex: - - "(?:Company Not Found|you’re looking for doesn’t exist)" + - "(?:Company Not Found|you’re looking for doesn’t exist)" - type: word name: landingi words: - - It looks like you're lost - - The page you are looking for is not found + - It looks like you're lost + - The page you are looking for is not found - type: word name: helprace words: - - Alias not configured! - - Admin of this Helprace account needs to set up domain alias - - "(see Step 2 here: Using your own domain with Helprace)." + - Alias not configured! + - Admin of this Helprace account needs to set up domain alias + - "(see Step 2 here: Using your own domain with Helprace)." - type: word name: canny words: - - Company Not Found - - There is no such company. Did you enter the right URL? + - Company Not Found + - There is no such company. Did you enter the right URL? - type: word name: ngrok words: - - ngrok.io not found - - Tunnel *.ngrok.io not found + - ngrok.io not found + - Tunnel *.ngrok.io not found - type: word name: tumblr words: - - Whatever you were looking for doesn't currently exist at this address. - - There's nothing here. + - Whatever you were looking for doesn't currently exist at this address. + - There's nothing here. - type: word name: github words: - - There isn't a GitHub Pages site here. - - For root URLs (like http://example.com/) you must provide an index.html file + - There isn't a GitHub Pages site here. + - For root URLs (like http://example.com/) you must provide an index.html file - type: word name: heroku words: - - There's nothing here, yet. - - herokucdn.com/error-pages/no-such-app.html - - "No such app" + - There's nothing here, yet. + - herokucdn.com/error-pages/no-such-app.html + - "No such app" - type: word name: tictail words: - - Building a brand of your own? - - 'to target URL: Trying to access your account?" - - or Trying to access your account?" + - or - - 404 Not Found
+ -
+ - 404 Not Found
- type: word name: statuspage words: - - Better Status Communication - - You are being
redirected + - Better Status Communication + - You are being redirected - type: word name: bitbucket words: - - The page you have requested does not exist - - Repository not found + - The page you have requested does not exist + - Repository not found - type: word name: smartling words: - - Domain is not configured + - Domain is not configured - type: word name: acquia words: - - If you are an Acquia Cloud customer and expect to see your site at this address - - The site you are looking for could not be found. + - If you are an Acquia Cloud customer and expect to see your site at this address + - The site you are looking for could not be found. - type: word name: uservoice words: - - This UserVoice subdomain is currently available! + - This UserVoice subdomain is currently available! - type: word name: ghost words: - - The thing you were looking for is no longer here - - The thing you were looking for is no longer here, or never was + - The thing you were looking for is no longer here + - The thing you were looking for is no longer here, or never was - type: word name: tilda words: - - Domain has been assigned + - Domain has been assigned - type: word name: wordpress words: - - Do you want to register + - Do you want to register - type: word name: teamwork words: - - Oops - We didn't find your site. + - Oops - We didn't find your site. - type: word name: helpjuice words: - - We could not find what you're looking for. + - We could not find what you're looking for. - type: word name: helpscout words: - - 'No settings were found for this company:' + - "No settings were found for this company:" - type: word name: cargo words: - - If you're moving your domain away from Cargo you must make this configuration - through your registrar's DNS control panel. + - If you're moving your domain away from Cargo you must make this configuration + through your registrar's DNS control panel. - type: word name: feedpress words: - - The feed has not been found. 
+ - The feed has not been found. - type: word name: surge words: - - project not found + - project not found - type: word name: surveygizmo words: - - data-html-name + - data-html-name - type: word name: mashery words: - - Unrecognized domain + - Unrecognized domain - type: word name: intercom words: - - This page is reserved for artistic dogs. - -

Uh oh. That page doesn’t exist.

+ - This page is reserved for artistic dogs. + -

Uh oh. That page doesn’t exist.

- type: word name: webflow words: - -

The page you are looking for doesn't exist or has been - moved.

+ -

The page you are looking for doesn't exist or has been + moved.

- type: word name: thinkific words: - - You may have mistyped the address or the page may have moved. + - You may have mistyped the address or the page may have moved. - type: word name: tave words: - - "

Error 404: Page Not Found

" + - "

Error 404: Page Not Found

" - type: word name: wishpond words: - - https://www.wishpond.com/404?campaign=true + - https://www.wishpond.com/404?campaign=true - type: word name: aftership words: - - Oops.

The page you're looking for doesn't - exist. + - Oops.

The page you're looking for doesn't + exist. - type: word name: aha words: - - There is no portal here ... sending you back to Aha! + - There is no portal here ... sending you back to Aha! - type: word name: brightcove words: - - '

' + - '' - type: word name: bigcartel words: - - "

Oops! We couldn’t find that page.

" + - "

Oops! We couldn’t find that page.

" - type: word name: activecompaign words: - - alt="LIGHTTPD - fly light." + - alt="LIGHTTPD - fly light." - type: word name: compaignmonitor words: - - Double check the URL or