[CVE-2017-8418] - updating rubocop dependency.

Breaking Changes:
- removed `< 2.1` ruby support

Misc:
- appeased the cops

Signed-off-by: Ben Abrams <[email protected]>

Author: majormoses

.rubocop.yml

@@ -34,3 +34,23 @@ Style/Next:
 
 Style/MultilineTernaryOperator:
   Enabled: false
+
+# safe navigation was introduced in ruby 2.3
+Style/SafeNavigation:
+  Enabled: false
+
+# match?() was added in ruby 2.4
+Performance/RegexpMatch:
+  Enabled: false
+
+
+# TODO: figure out which to use `Date` or `Time`
+Style/DateTime:
+  Enabled: false
+
+
+# testing can be slow
+Metrics/BlockLength:
+  Enabled: true
+  Exclude:
+    - 'test/**/*.rb'

.travis.yml

@@ -4,7 +4,6 @@ cache:
 install:
 - bundle install
 rvm:
-- 2.0
 - 2.1
 - 2.2
 - 2.3.0
@@ -27,7 +26,6 @@ deploy:
   on:
     tags: true
     all_branches: true
-    rvm: 2.0
     rvm: 2.1
     rvm: 2.2
     rvm: 2.3.0

CHANGELOG.md

@@ -5,6 +5,15 @@ This CHANGELOG follows the format listed  [here](https://github.com/sensu-plugin
 
 ## [Unreleased]
 
+### Security
+- updated rubocop dependency to `~> 0.51.0` per: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8418. (@majormoses)
+
+### Breaking Changes
+- removed ruby `< 2.1` support (@majormoses)
+
+### Changed
+- appeased the cops and updated cop config (@majormoses)
+
 ## [2.3.1] - 2018-02-28
 ### Changed
 - update whois-parser gem dependency to version 1.0.1 (@amdprophet)

Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 # Specify your gem's dependencies in sensu-plugins-network-checks.gemspec

Rakefile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'bundler/gem_tasks'
 require 'github/markup'
 require 'redcarpet'
@@ -7,12 +9,12 @@ require 'yard'
 require 'yard/rake/yardoc_task'
 
 desc 'Don\'t run Rubocop for unsupported versions'
-args = [:spec, :make_bin_executable, :yard, :rubocop, :check_binstubs]
+args = %i[spec make_bin_executable yard rubocop check_binstubs]
 
 YARD::Rake::YardocTask.new do |t|
-  OTHER_PATHS = %w().freeze
+  OTHER_PATHS = %w[].freeze
   t.files = ['lib/**/*.rb', 'bin/**/*.rb', OTHER_PATHS]
-  t.options = %w(--markup-provider=redcarpet --markup=markdown --main=README.md --files CHANGELOG.md)
+  t.options = %w[--markup-provider=redcarpet --markup=markdown --main=README.md --files CHANGELOG.md]
 end
 
 RuboCop::RakeTask.new

bin/check-banner.rb

@@ -1,6 +1,7 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
-#  encoding: UTF-8
 #   check-banner
 #
 # DESCRIPTION:

bin/check-jsonwhois-domain-expiration.rb

@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
-# encoding: utf-8
+# frozen_string_literal: false
+
 #
 #   check-jsonwhois-domain-expiration
 #
@@ -72,7 +73,7 @@ class JSONWhoisDomainExpirationCheck < Sensu::Plugin::Check::CLI
          short: '-r LEVEL',
          long: '--report-errors LEVEL',
          proc: proc(&:to_sym),
-         in: %i(unknown warning critical),
+         in: %i[unknown warning critical],
          default: :unknown,
          description: 'Level for reporting connection or parsing errors'
 
@@ -110,7 +111,7 @@ def expiration_results
         else
           results[:ok][domain] = domain_result
         end
-      rescue
+      rescue StandardError
         results[:unknown][domain] = 'Connection or parsing error' unless config[:'ignore-errors']
       end
     end

bin/check-mtu.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 #   check-mtu.rb
 #

bin/check-multicast-groups.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: false
+
 #
 #   check-multicast-groups
 #
@@ -66,7 +68,7 @@ def run
       critical "#{diff.size} missing multicast group(s):\n#{diff_output}"
     end
     ok
-  rescue => ex
+  rescue StandardError => ex
     critical "Failed to check multicast groups: #{ex}"
   end
 end

bin/check-netfilter-conntrack.rb

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
-bin_dir = File.expand_path(File.dirname(__FILE__))
+bin_dir = File.expand_path(__dir__)
 shell_script_path = File.join(bin_dir, File.basename($PROGRAM_NAME, '.rb') + '.sh')
 
 exec shell_script_path, *ARGV

bin/check-netstat-tcp.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 #   check-netstat-tcp
 #
@@ -102,7 +104,7 @@ def netstat(protocols = ['tcp'])
   end
 
   def run
-    state_counts = netstat(%w(tcp tcp6))
+    state_counts = netstat(%w[tcp tcp6])
     is_critical = false
     is_warning = false
     message = ''

bin/check-ping.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 #  check-ping
 #
@@ -83,7 +85,7 @@ def run
     pt = Net::Ping::External.new(config[:host], nil, config[:timeout])
 
     config[:count].times do |i|
-      sleep(config[:interval]) unless i == 0
+      sleep(config[:interval]) unless i.zero?
       result[i] = config[:ipv6] ? pt.ping6 : pt.ping
     end
 

bin/check-ports-bind.rb

@@ -1,6 +1,7 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
-#  encoding: UTF-8
 #   check-ports-bind
 #
 # DESCRIPTION:

bin/check-ports-nmap.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 #   check-ports-nmap
 #

bin/check-ports.rb

@@ -1,6 +1,7 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
-#  encoding: UTF-8
 #   check-ports
 #
 # DESCRIPTION:

bin/check-rbl.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 #   check-rbl
 #
@@ -89,7 +91,7 @@ def run
 
     # YELLOW
     unless msg_string.empty? # rubocop:disable UnlessElse
-      if criticality > 0
+      if criticality.positive?
         critical "#{ip_add} Blacklisted in#{msg_string}"
       else
         warning "#{ip_add} Blacklisted in#{msg_string}"

bin/check-socat.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: false
+
 #
 #   check-socat
 #

bin/check-whois-domain-expiration-multi.rb

@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
-# encoding: utf-8
+# frozen_string_literal: false
+
 #
 #   check-whois-domain-expiration-multi
 #
@@ -66,7 +67,7 @@ class WhoisDomainExpirationCheck < Sensu::Plugin::Check::CLI
          short: '-r LEVEL',
          long: '--report-errors LEVEL',
          proc: proc(&:to_sym),
-         in: %i(unknown warning critical),
+         in: %i[unknown warning critical],
          default: :unknown,
          description: 'Level for reporting connection or parsing errors'
 
@@ -126,7 +127,7 @@ def expiration_results
         else
           results[:ok][domain] = domain_result
         end
-      rescue
+      rescue StandardError
         results[:unknown][domain] = 'Parsing error' unless config[:'ignore-errors']
       end
     end

bin/check-whois-domain-expiration.rb

@@ -1,5 +1,6 @@
 #!/usr/bin/env ruby
-# encoding: utf-8
+# frozen_string_literal: false
+
 #
 #   check-whois-domain-expiration
 #
@@ -63,6 +64,7 @@ class WhoisDomainExpirationCheck < Sensu::Plugin::Check::CLI
   def run
     whois = Whois.whois(config[:domain])
 
+    # TODO: figure out which to use `Date` or `Time`
     expires_on = DateTime.parse(whois.parser.expires_on.to_s)
     num_days = (expires_on - DateTime.now).to_i
 
@@ -75,7 +77,7 @@ def run
     else
       ok
     end
-  rescue
+  rescue StandardError
     unknown "#{config[:domain]} can't be checked"
   end
 end

bin/metrics-interface.rb

@@ -1,5 +1,6 @@
 #! /usr/bin/env ruby
-#  encoding: UTF-8
+# frozen_string_literal: true
+
 #
 #   interface-metrics
 #
@@ -52,7 +53,7 @@ class InterfaceGraphite < Sensu::Plugin::Metric::CLI::Graphite
   def run
     # Metrics borrowed from hoardd: https://github.com/coredump/hoardd
 
-    metrics = %w(rxBytes
+    metrics = %w[rxBytes
                  rxPackets
                  rxErrors
                  rxDrops
@@ -67,7 +68,7 @@ def run
                  txFifo
                  txColls
                  txCarrier
-                 txCompressed)
+                 txCompressed]
 
     File.open('/proc/net/dev', 'r').each_line do |line|
       interface, stats_string = line.scan(/^\s*([^:]+):\s*(.*)$/).first

bin/metrics-net.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 #   metrics-net
 #
@@ -91,7 +93,7 @@ def run
 
       begin
         if_speed = File.open(iface_path + '/speed').read.strip
-      rescue
+      rescue StandardError
         if_speed = 0
       end
 

bin/metrics-netif.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 #   netif-metrics
 #

bin/metrics-netstat-tcp.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 #   metrics-netstat-tcp
 #

bin/metrics-ping.rb

@@ -1,4 +1,6 @@
 #! /usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 # metrics-ping
 #
@@ -69,8 +71,8 @@ class PingMetrics < Sensu::Plugin::Metric::CLI::Graphite
          long: '--timeout TIMEOUT',
          default: 5
 
-  OVERVIEW_METRICS = [:packets_transmitted, :packets_received, :packet_loss, :time].freeze
-  STATISTIC_METRICS = [:min, :avg, :max, :mdev].freeze
+  OVERVIEW_METRICS = %i[packets_transmitted packets_received packet_loss time].freeze
+  STATISTIC_METRICS = %i[min avg max mdev].freeze
   FLOAT = '(\d+\.\d+)'.freeze
 
   def overview

bin/metrics-sockstat.rb

@@ -1,4 +1,6 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
+
 #
 # metrics-sockstat
 #
@@ -54,7 +56,7 @@ def generic_metrics(fields)
 
   def read_sockstat
     return IO.read('/proc/net/sockstat')
-  rescue => e
+  rescue StandardError => e
     unknown "Failed to read /proc/net/sockstat: #{e}"
   end
 

lib/sensu-plugins-network-checks.rb

@@ -1 +1,3 @@
+# frozen_string_literal: true
+
 require 'sensu-plugins-network-checks/version'

lib/sensu-plugins-network-checks/version.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module SensuPluginsNetworkChecks
   module Version
     MAJOR = 2