digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-22 11:48:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

hunner-wordpress base module

Browse Source
This commit is contained in:
ts
2018-03-07 16:05:18 +00:00
committed by thomashaw
parent 43e1baff03
commit bf56d22c15
34 changed files with 1835 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/vulnerabilities/unix/webapp/wordpress/.fixtures.yml Normal file
View File

@@ -0,0 +1,7 @@
fixtures:
repositories:
concat: "git://github.com/ripienaar/puppet-concat.git"
mysql: "git://github.com/puppetlabs/puppetlabs-mysql.git"
stdlib: "git://github.com/puppetlabs/puppetlabs-stdlib.git"
symlinks:
wordpress: "#{source_dir}"

22
modules/vulnerabilities/unix/webapp/wordpress/.gitignore vendored Normal file
View File

@@ -0,0 +1,22 @@
.*.sw[op]
.metadata
.yardoc
.yardwarns
*.iml
/.bundle/
/.idea/
/.vagrant/
/coverage/
/bin/
/doc/
/Gemfile.local
/Gemfile.lock
/junit/
/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/
/tmp/
/vendor/
/convert_report.txt
.DS_Store

70
modules/vulnerabilities/unix/webapp/wordpress/.gitlab-ci.yml Normal file
View File

@@ -0,0 +1,70 @@
---
stages:
- test_2.4.1
- test_2.1.9
before_script:
- bundle -v
- rm Gemfile.lock || true
- gem update --system
- gem update bundler
- gem --version
- bundle -v
- bundle install --without system_tests
rubocop-2.4.1:
stage: test_2.4.1
image: ruby:2.4.1
script:
- bundle exec rake rubocop
syntax-2.4.1:
stage: test_2.4.1
image: ruby:2.4.1
script:
- bundle exec rake syntax lint
metadata-2.4.1:
stage: test_2.4.1
image: ruby:2.4.1
script:
- bundle exec rake metadata_lint
rspec-puppet-2.4.1:
stage: test_2.4.1
image: ruby:2.4.1
variables:
PUPPET_GEM_VERSION: ~> 4.0
CHECK: spec
script:
- bundle update
- bundle exec rake $CHECK
rubocop-2.1.9:
stage: test_2.1.9
image: ruby:2.1.9
script:
- bundle exec rake rubocop
syntax-2.1.9:
stage: test_2.1.9
image: ruby:2.1.9
script:
- bundle exec rake syntax lint
metadata-2.1.9:
stage: test_2.1.9
image: ruby:2.1.9
script:
- bundle exec rake metadata_lint
rspec-puppet-2.1.9:
stage: test_2.1.9
image: ruby:2.1.9
variables:
PUPPET_GEM_VERSION: ~> 4.0
CHECK: spec
script:
- bundle update
- bundle exec rake $CHECK

22
modules/vulnerabilities/unix/webapp/wordpress/.pdkignore Normal file
View File

@@ -0,0 +1,22 @@
.*.sw[op]
.metadata
.yardoc
.yardwarns
*.iml
/.bundle/
/.idea/
/.vagrant/
/coverage/
/bin/
/doc/
/Gemfile.local
/Gemfile.lock
/junit/
/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/
/tmp/
/vendor/
/convert_report.txt
.DS_Store

2
modules/vulnerabilities/unix/webapp/wordpress/.rspec Normal file
View File

@@ -0,0 +1,2 @@
--color
--format documentation

107
modules/vulnerabilities/unix/webapp/wordpress/.rubocop.yml Normal file
View File

@@ -0,0 +1,107 @@
---
require: rubocop-rspec
AllCops:
DisplayCopNames: true
TargetRubyVersion: '2.1'
Include:
- "./**/*.rb"
Exclude:
- bin/*
- ".vendor/**/*"
- Gemfile
- Rakefile
- pkg/**/*
- spec/fixtures/**/*
- vendor/**/*
Metrics/LineLength:
Description: People have wide screens, use them.
Max: 200
RSpec/BeforeAfterAll:
Description: Beware of using after(:all) as it may cause state to leak between tests.
A necessary evil in acceptance testing.
Exclude:
- spec/acceptance/**/*.rb
RSpec/HookArgument:
Description: Prefer explicit :each argument, matching existing module's style
EnforcedStyle: each
Style/BlockDelimiters:
Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to
be consistent then.
EnforcedStyle: braces_for_chaining
Style/ClassAndModuleChildren:
Description: Compact style reduces the required amount of indentation.
EnforcedStyle: compact
Style/EmptyElse:
Description: Enforce against empty else clauses, but allow `nil` for clarity.
EnforcedStyle: empty
Style/FormatString:
Description: Following the main puppet project's style, prefer the % format format.
EnforcedStyle: percent
Style/FormatStringToken:
Description: Following the main puppet project's style, prefer the simpler template
tokens over annotated ones.
EnforcedStyle: template
Style/Lambda:
Description: Prefer the keyword for easier discoverability.
EnforcedStyle: literal
Style/RegexpLiteral:
Description: Community preference. See https://github.com/voxpupuli/modulesync_config/issues/168
EnforcedStyle: percent_r
Style/TernaryParentheses:
Description: Checks for use of parentheses around ternary conditions. Enforce parentheses
on complex expressions for better readability, but seriously consider breaking
it up.
EnforcedStyle: require_parentheses_when_complex
Style/TrailingCommaInArguments:
Description: Prefer always trailing comma on multiline argument lists. This makes
diffs, and re-ordering nicer.
EnforcedStyleForMultiline: comma
Style/TrailingCommaInLiteral:
Description: Prefer always trailing comma on multiline literals. This makes diffs,
and re-ordering nicer.
EnforcedStyleForMultiline: comma
Style/SymbolArray:
Description: Using percent style obscures symbolic intent of array's contents.
EnforcedStyle: brackets
RSpec/MessageSpies:
EnforcedStyle: receive
Style/CollectionMethods:
Enabled: true
Style/MethodCalledOnDoEndBlock:
Enabled: true
Style/StringMethods:
Enabled: true
Layout/EndOfLine:
Enabled: false
Metrics/AbcSize:
Enabled: false
Metrics/BlockLength:
Enabled: false
Metrics/ClassLength:
Enabled: false
Metrics/CyclomaticComplexity:
Enabled: false
Metrics/MethodLength:
Enabled: false
Metrics/ModuleLength:
Enabled: false
Metrics/ParameterLists:
Enabled: false
Metrics/PerceivedComplexity:
Enabled: false
RSpec/DescribeClass:
Enabled: false
RSpec/ExampleLength:
Enabled: false
RSpec/MessageExpectation:
Enabled: false
RSpec/MultipleExpectations:
Enabled: false
RSpec/NestedGroups:
Enabled: false
Style/AsciiComments:
Enabled: false
Style/IfUnlessModifier:
Enabled: false
Style/SymbolProc:
Enabled: false

48
modules/vulnerabilities/unix/webapp/wordpress/.travis.yml Normal file
View File

@@ -0,0 +1,48 @@
---
sudo: false
dist: trusty
language: ruby
cache: bundler
before_install:
- bundle -v
- rm Gemfile.lock || true
- gem update --system
- gem update bundler
- gem --version
- bundle -v
script:
- 'bundle exec rake $CHECK'
bundler_args: --without system_tests
rvm:
- 2.4.1
env:
- PUPPET_GEM_VERSION="~> 5.0" CHECK=spec
matrix:
fast_finish: true
include:
-
env: CHECK=rubocop
-
env: CHECK="syntax lint"
-
env: CHECK=metadata_lint
-
env: CHECK=spec
-
env: PUPPET_GEM_VERSION="~> 4.0" CHECK=spec
rvm: 2.1.9
branches:
only:
- master
- /^v\d/
notifications:
email: false
deploy:
provider: puppetforge
user: puppet
password:
secure: ""
on:
tags: true
all_branches: true
condition: "$DEPLOY_TO_FORGE = yes"

1
modules/vulnerabilities/unix/webapp/wordpress/.yardopts Normal file
View File

@@ -0,0 +1 @@
--markup markdown

73
modules/vulnerabilities/unix/webapp/wordpress/CHANGELOG Normal file
View File

@@ -0,0 +1,73 @@
2014-10-15 Release 1.0.0
Features
- Multiple instances ability via wordpress::instance
- New wp_debug, wp_debug_log, and wp_debug_display parameters for debug output
- New wp_config_content parameter for custom configuration
Bugfixes:
- Convert rspec-system tests to beaker-rspec tests
- Updated readme
2014-01-16 Release 0.6.0
Features:
- Add `wordpress::wp_additional_config` parameter for custom template
fragments.
- Add `wordpress::wp_table_prefix` to customize the table prefix in mysql.
Bugfixes:
- Fix idempotency for `mysql_grant` privileges.
2013-12-17 Release 0.5.1
Features:
- Update default version of wordpress to install to 3.8
- Add `wordpress::wp_proxy_host` and `wordpress::wp_proxy_port` for proxying
plugin installation.
- Add `wordpress::wp_mulitsite` and `wordpress::wp_multisite` to enable
multisite support
- Update to work with latest 2.x puppetlabs-mysql
- Update to work with latest 1.x puppetlabs-concat
- Add rspec-system integration testing, travis testing, and autopublish
Bugfixes:
- Fix ownership during installation to reduce log output and increase
idempotency.
2013-12-17 Release 0.5.0
This release is invalid and was removed.
2013-09-19 Release 0.4.2
Bugfixes:
- Correct Modulefile module name
2013-09-19 Release 0.4.1
Bugfixes:
- Escape \'s in the salt
2013-06-17 Release 0.4.0
Features:
- Add `wordpress::wp_lang` parameter
- Add `wordpress::wp_plugin_dir` parameter
Bugfixes:
- Add class anchors
- Conditionalize directory management
- Fix `@db_host` template variable
2012-12-31 Release 0.2.3
Changes:
- Remove Apache php configuration; that responsibility falls outside of this module.
2012-12-28 Release 0.2.2
Bugfixes:
- Pass required parameters
2012-12-28 Release 0.2.1
Bugfixes:
- Remove extraneous files from module.
2012-12-28 Release 0.2.0
Changes:
- Add `install_url` parameter to download tarball from other location
2012-12-28 Release 0.1.0
- Initial rewrite from jonhadfield/master

126
modules/vulnerabilities/unix/webapp/wordpress/Gemfile Normal file
View File

@@ -0,0 +1,126 @@
source ENV['GEM_SOURCE'] || 'https://rubygems.org'
def location_for(place_or_version, fake_version = nil)
if place_or_version =~ %r{\A(git[:@][^#]*)#(.*)}
[fake_version, { git: Regexp.last_match(1), branch: Regexp.last_match(2), require: false }].compact
elsif place_or_version =~ %r{\Afile:\/\/(.*)}
['>= 0', { path: File.expand_path(Regexp.last_match(1)), require: false }]
else
[place_or_version, { require: false }]
end
end
def gem_type(place_or_version)
if place_or_version =~ %r{\Agit[:@]}
:git
elsif !place_or_version.nil? && place_or_version.start_with?('file:')
:file
else
:gem
end
end
ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments
minor_version = ruby_version_segments[0..1].join('.')
group :development do
gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0')
gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby]
gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby]
gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
end
puppet_version = ENV['PUPPET_GEM_VERSION']
puppet_type = gem_type(puppet_version)
facter_version = ENV['FACTER_GEM_VERSION']
hiera_version = ENV['HIERA_GEM_VERSION']
def puppet_older_than?(version)
puppet_version = ENV['PUPPET_GEM_VERSION']
!puppet_version.nil? &&
Gem::Version.correct?(puppet_version) &&
Gem::Requirement.new("< #{version}").satisfied_by?(Gem::Version.new(puppet_version.dup))
end
gems = {}
gems['puppet'] = location_for(puppet_version)
# If facter or hiera versions have been specified via the environment
# variables, use those versions. If not, and if the puppet version is < 3.5.0,
# use known good versions of both for puppet < 3.5.0.
if facter_version
gems['facter'] = location_for(facter_version)
elsif puppet_type == :gem && puppet_older_than?('3.5.0')
gems['facter'] = ['>= 1.6.11', '<= 1.7.5', require: false]
end
if hiera_version
gems['hiera'] = location_for(ENV['HIERA_GEM_VERSION'])
elsif puppet_type == :gem && puppet_older_than?('3.5.0')
gems['hiera'] = ['>= 1.0.0', '<= 1.3.0', require: false]
end
if Gem.win_platform? && (puppet_type != :gem || puppet_older_than?('3.5.0'))
# For Puppet gems < 3.5.0 (tested as far back as 3.0.0) on Windows
if puppet_type == :gem
gems['ffi'] = ['1.9.0', require: false]
gems['minitar'] = ['0.5.4', require: false]
gems['win32-eventlog'] = ['0.5.3', '<= 0.6.5', require: false]
gems['win32-process'] = ['0.6.5', '<= 0.7.5', require: false]
gems['win32-security'] = ['~> 0.1.2', '<= 0.2.5', require: false]
gems['win32-service'] = ['0.7.2', '<= 0.8.8', require: false]
else
gems['ffi'] = ['~> 1.9.0', require: false]
gems['minitar'] = ['~> 0.5.4', require: false]
gems['win32-eventlog'] = ['~> 0.5', '<= 0.6.5', require: false]
gems['win32-process'] = ['~> 0.6', '<= 0.7.5', require: false]
gems['win32-security'] = ['~> 0.1', '<= 0.2.5', require: false]
gems['win32-service'] = ['~> 0.7', '<= 0.8.8', require: false]
end
gems['win32-dir'] = ['~> 0.3', '<= 0.4.9', require: false]
if RUBY_VERSION.start_with?('1.')
gems['win32console'] = ['1.3.2', require: false]
# sys-admin was removed in Puppet 3.7.0 and doesn't compile under Ruby 2.x
gems['sys-admin'] = ['1.5.6', require: false]
end
# Puppet < 3.7.0 requires these.
# Puppet >= 3.5.0 gem includes these as requirements.
# The following versions are tested to work with 3.0.0 <= puppet < 3.7.0.
gems['win32-api'] = ['1.4.8', require: false]
gems['win32-taskscheduler'] = ['0.2.2', require: false]
gems['windows-api'] = ['0.4.3', require: false]
gems['windows-pr'] = ['1.2.3', require: false]
elsif Gem.win_platform?
# If we're using a Puppet gem on Windows which handles its own win32-xxx gem
# dependencies (>= 3.5.0), set the maximum versions (see PUP-6445).
gems['win32-dir'] = ['<= 0.4.9', require: false]
gems['win32-eventlog'] = ['<= 0.6.5', require: false]
gems['win32-process'] = ['<= 0.7.5', require: false]
gems['win32-security'] = ['<= 0.2.5', require: false]
gems['win32-service'] = ['<= 0.8.8', require: false]
end
gems.each do |gem_name, gem_params|
gem gem_name, *gem_params
end
# Evaluate Gemfile.local and ~/.gemfile if they exist
extra_gemfiles = [
"#{__FILE__}.local",
File.join(Dir.home, '.gemfile'),
]
extra_gemfiles.each do |gemfile|
if File.file?(gemfile) && File.readable?(gemfile)
eval(File.read(gemfile), binding)
end
end
# vim: syntax=ruby

13
modules/vulnerabilities/unix/webapp/wordpress/Modulefile Normal file
View File

@@ -0,0 +1,13 @@
name 'hunner-wordpress'
version '1.0.0'
source 'https://github.com/hunner/puppet-wordpress'
author 'Hunter Haugen'
license 'Apache2'
summary 'Puppet module to set up an instance of wordpress'
description 'Installs wordpress and required mysql db/user.'
project_page 'https://github.com/hunner/puppet-wordpress'
## Add dependencies, if any:
#dependency 'puppetlabs/concat', '>= 1.0.0'
#dependency 'puppetlabs/mysql', '>= 2.1.0'
#dependency 'puppetlabs/stdlib', '>= 2.3.1'

215
modules/vulnerabilities/unix/webapp/wordpress/README.markdown Normal file
View File

@@ -0,0 +1,215 @@
# WordPress Module
## Overview
This will set up one or more installations of Wordpress 3.8 on Debian and Redhat style distributions.
## Capabilities
#### Installation includes:
- Configuration of WordPress DB connection parameters
- Generate secure keys and salts for `wp-config.php`.
- Optional creation of MySQL database/user/permissions.
#### Requires:
- Configuration of php-enabled webserver
- Configuration MySQL server
- PHP 5.3 or greater
- User specified by `wp_owner` must exist
## Parameters
### Class wordpress
* `install_dir`<br />
Specifies the directory into which wordpress should be installed. Default: `/opt/wordpress`
* `install_url`<br />
Specifies the url from which the wordpress tarball should be downloaded. Default: `http://wordpress.org`
* `version`<br />
Specifies the version of wordpress to install. Default: `3.8`
* `create_db`<br />
Specifies whether to create the db or not. Default: `true`
* `create_db_user`<br />
Specifies whether to create the db user or not. Default: `true`
* `db_name`<br />
Specifies the database name which the wordpress module should be configured to use. Default: `wordpress`
* `db_host`<br />
Specifies the database host to connect to. Default: `localhost`
* `db_user`<br />
Specifies the database user. Default: `wordpress`
* `db_password`<br />
Specifies the database user's password in plaintext. Default: `password`
* `wp_owner`<br />
Specifies the owner of the wordpress files. You must ensure this user exists as this module does not attempt to create it if missing. Default: `root`
* `wp_group`<br />
Specifies the group of the wordpress files. Default: `0` (\*BSD/Darwin compatible GID)
* `wp_lang`<br />
WordPress Localized Language. Default: ''
* `wp_plugin_dir`<br />
WordPress Plugin Directory. Full path, no trailing slash. Default: WordPress Default
* `wp_additional_config`<br />
Specifies a template to include near the end of the wp-config.php file to add additional options. Default: ''
* `wp_config_content`<br />
Specifies the entire content for wp-config.php. This causes many of the other parameters to be ignored and allows an entirely custom config to be passed. It is recommended to use `wp_additional_config` instead of this parameter when possible.
* `wp_table_prefix`<br />
Specifies the database table prefix. Default: wp_
* `wp_proxy_host`<br />
Specifies a Hostname or IP of a proxy server for Wordpress to use to install updates, plugins, etc. Default: ''
* `wp_proxy_port`<br />
Specifies the port to use with the proxy host. Default: ''
* `wp_site_url`<br />
If your WordPress server is behind a proxy, you might need to set the WP_SITEURL with this parameter. Default: 'undef'
* `wp_multisite`<br />
Specifies whether to enable the multisite feature. Requires `wp_site_domain` to also be passed. Default: `false`
* `wp_site_domain`<br />
Specifies the `DOMAIN_CURRENT_SITE` value that will be used when configuring multisite. Typically this is the address of the main wordpress instance. Default: ''
* `wp_debug`<br />
Specifies the `WP_DEBUG` value that will control debugging. This must be true if you use the next two debug extensions. Default: 'false'
* `wp_debug_log`<br />
Specifies the `WP_DEBUG_LOG` value that extends debugging to cause all errors to also be saved to a debug.log logfile insdie the /wp-content/ directory. Default: 'false'
* `wp_debug_display`<br />
Specifies the `WP_DEBUG_DISPLAY` value that extends debugging to cause debug messages to be shown inline, in HTML pages. Default: 'false'
### Define wordpress::instance
* The parameters for `wordpress::instance` is exactly the same as the class `wordpress` except as noted below.
* The title will be used as the default value for `install_dir` unless otherwise specified.
* The `db_name` and `db_user` parameters are required.
### Other classes and defines
The classes `wordpress::app` and `wordpress::db` and defines `wordpress::instance::app` and `wordpress::instance::db` are technically private, but any PRs which add documentation and tests so that they may be made public for multi-node deployments are welcome!
## Example Usage
Default single deployment (insecure; default passwords and installed as root):
```puppet
class { 'wordpress': }
```
Basic deployment (secure database password, installed as `wordpress` user/group. NOTE: in this example you must ensure the `wordpress` user already exists):
```puppet
class { 'wordpress':
wp_owner => 'wordpress',
wp_group => 'wordpress',
db_user => 'wordpress',
db_password => 'hvyH(S%t(\"0\"16',
}
```
Basic deployment of multiple instances (secure database password, installed as `wordpress` user/group):
```puppet
wordpress::instance { '/opt/wordpress1':
wp_owner => 'wordpress1',
wp_group => 'wordpress1',
db_user => 'wordpress1',
db_name => 'wordpress1',
db_password => 'hvyH(S%t(\"0\"16',
}
wordpress::instance { '/opt/wordpress2':
wp_owner => 'wordpress2',
wp_group => 'wordpress2',
db_user => 'wordpress2',
db_name => 'wordpress2',
db_password => 'bb69381b4b9de3a232',
}
```
Externally hosted MySQL DB:
```puppet
class { 'wordpress':
db_user => 'wordpress',
db_password => 'hvyH(S%t(\"0\"16',
db_host => 'db.example.com',
}
```
Disable module's database/user creation (the database and db user must still exist with correct permissions):
```puppet
class { 'wordpress':
db_user => 'wordpress',
db_password => 'hvyH(S%t(\"0\"16',
create_db => false,
create_db_user => false,
}
```
Install specific version of WordPress:
```puppet
class { 'wordpress':
version => '3.4',
}
```
Install WordPress to a specific directory:
```puppet
class { 'wordpress':
install_dir => '/var/www/wordpress',
}
```
Download `wordpress-${version}.tar.gz` from an internal server:
```puppet
class { 'wordpress':
install_url => 'http://internal.example.com/software',
}
```
Configure wordpress to download updates and plugins through a proxy:
```puppet
class { 'wordpress':
proxy_host => 'http://my.proxy.corp.com',
proxy_port => '8080',
}
```
Enable the multisite wordpress feature:
```puppet
class { 'wordpress':
wp_multisite => true,
wp_site_domain => 'blog.domain.com',
}
```
Add custom configuration to wp-config.php:
```puppet
class { 'wordpress':
wp_additional_config => 'foo/wp-config-extra.php.erb',
}
```

2
modules/vulnerabilities/unix/webapp/wordpress/Rakefile Normal file
View File

@@ -0,0 +1,2 @@
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax'

57
modules/vulnerabilities/unix/webapp/wordpress/appveyor.yml Normal file
View File

@@ -0,0 +1,57 @@
version: 1.1.x.{build}
skip_commits:
message: /^\(?doc\)?.*/
clone_depth: 10
init:
- SET
- 'mkdir C:\ProgramData\PuppetLabs\code && exit 0'
- 'mkdir C:\ProgramData\PuppetLabs\facter && exit 0'
- 'mkdir C:\ProgramData\PuppetLabs\hiera && exit 0'
- 'mkdir C:\ProgramData\PuppetLabs\puppet\var && exit 0'
environment:
matrix:
-
RUBY_VERSION: 24-x64
CHECK: syntax lint
-
RUBY_VERSION: 24-x64
CHECK: metadata_lint
-
RUBY_VERSION: 24-x64
CHECK: rubocop
-
PUPPET_GEM_VERSION: ~> 4.0
RUBY_VERSION: 21
CHECK: spec
-
PUPPET_GEM_VERSION: ~> 4.0
RUBY_VERSION: 21-x64
CHECK: spec
-
PUPPET_GEM_VERSION: ~> 5.0
RUBY_VERSION: 24
CHECK: spec
-
PUPPET_GEM_VERSION: ~> 5.0
RUBY_VERSION: 24-x64
CHECK: spec
matrix:
fast_finish: true
install:
- set PATH=C:\Ruby%RUBY_VERSION%\bin;%PATH%
- bundle install --jobs 4 --retry 2 --without system_tests
- type Gemfile.lock
build: off
test_script:
- bundle exec puppet -V
- ruby -v
- gem -v
- bundle -v
- bundle exec rake %CHECK%
notifications:
- provider: Email
to:
- nobody@nowhere.com
on_build_success: false
on_build_failure: false
on_build_status_changed: false

48
modules/vulnerabilities/unix/webapp/wordpress/manifests/app.pp Normal file
View File

@@ -0,0 +1,48 @@
class wordpress::app (
$install_dir,
$install_url,
$version,
$db_name,
$db_host,
$db_user,
$db_password,
$wp_owner,
$wp_group,
$wp_lang,
$wp_config_content,
$wp_plugin_dir,
$wp_additional_config,
$wp_table_prefix,
$wp_proxy_host,
$wp_proxy_port,
$wp_site_url,
$wp_multisite,
$wp_site_domain,
$wp_debug,
$wp_debug_log,
$wp_debug_display,
) {
wordpress::instance::app { $install_dir:
install_dir => $install_dir,
install_url => $install_url,
version => $version,
db_name => $db_name,
db_host => $db_host,
db_user => $db_user,
db_password => $db_password,
wp_owner => $wp_owner,
wp_group => $wp_group,
wp_lang => $wp_lang,
wp_plugin_dir => $wp_plugin_dir,
wp_additional_config => $wp_additional_config,
wp_table_prefix => $wp_table_prefix,
wp_proxy_host => $wp_proxy_host,
wp_proxy_port => $wp_proxy_port,
wp_site_url => $wp_site_url,
wp_multisite => $wp_multisite,
wp_site_domain => $wp_site_domain,
wp_debug => $wp_debug,
wp_debug_log => $wp_debug_log,
wp_debug_display => $wp_debug_display,
}
}

17
modules/vulnerabilities/unix/webapp/wordpress/manifests/db.pp Normal file
View File

@@ -0,0 +1,17 @@
class wordpress::db (
$create_db,
$create_db_user,
$db_name,
$db_host,
$db_user,
$db_password,
) {
wordpress::instance::db { "${db_host}/${db_name}":
create_db => $create_db,
create_db_user => $create_db_user,
db_name => $db_name,
db_host => $db_host,
db_user => $db_user,
db_password => $db_password,
}
}

139
modules/vulnerabilities/unix/webapp/wordpress/manifests/init.pp Normal file
View File

@@ -0,0 +1,139 @@
# == Class: wordpress
#
# This module manages wordpress
#
# === Parameters
#
# [*install_dir*]
# Specifies the directory into which wordpress should be installed. Default:
# /opt/wordpress
#
# [*install_url*]
# Specifies the url from which the wordpress tarball should be downloaded.
# Default: http://wordpress.org
#
# [*version*]
# Specifies the version of wordpress to install. Default: 3.8
#
# [*create_db*]
# Specifies whether to create the db or not. Default: true
#
# [*create_db_user*]
# Specifies whether to create the db user or not. Default: true
#
# [*db_name*]
# Specifies the database name which the wordpress module should be configured
# to use. Default: wordpress
#
# [*db_host*]
# Specifies the database host to connect to. Default: localhost
#
# [*db_user*]
# Specifies the database user. Default: wordpress
#
# [*db_password*]
# Specifies the database user's password in plaintext. Default: password
#
# [*wp_owner*]
# Specifies the owner of the wordpress files. You must ensure this user
# exists as this module does not attempt to create it if missing. Default:
# root
#
# [*wp_group*]
# Specifies the group of the wordpress files. Default: 0 (*BSD/Darwin
# compatible GID)
#
# [*wp_lang*]
# WordPress Localized Language. Default: ''
#
#
# [*wp_plugin_dir*]
# WordPress Plugin Directory. Full path, no trailing slash. Default: WordPress Default
#
# [*wp_additional_config*]
# Specifies a template to include near the end of the wp-config.php file to add additional options. Default: ''
#
# [*wp_table_prefix*]
# Specifies the database table prefix. Default: wp_
#
# [*wp_proxy_host*]
# Specifies a Hostname or IP of a proxy server for Wordpress to use to install updates, plugins, etc. Default: ''
#
# [*wp_proxy_port*]
# Specifies the port to use with the proxy host. Default: ''
#
# [*wp_site_url*]
# If your WordPress server is behind a proxy, you might need to set the WP_SITEURL with this parameter. Default: `undef`
#
# [*wp_multisite*]
# Specifies whether to enable the multisite feature. Requires `wp_site_domain` to also be passed. Default: `false`
#
# [*wp_site_domain*]
# Specifies the `DOMAIN_CURRENT_SITE` value that will be used when configuring multisite. Typically this is the address of the main wordpress instance. Default: ''
#
# [*wp_debug*]
# Specifies the `WP_DEBUG` value that will control debugging. This must be true if you use the next two debug extensions. Default: 'false'
#
# [*wp_debug_log*]
# Specifies the `WP_DEBUG_LOG` value that extends debugging to cause all errors to also be saved to a debug.log logfile insdie the /wp-content/ directory. Default: 'false'
#
# [*wp_debug_display*]
# Specifies the `WP_DEBUG_DISPLAY` value that extends debugging to cause debug messages to be shown inline, in HTML pages. Default: 'false'
#
# === Requires
#
# === Examples
#
class wordpress (
$install_dir = '/opt/wordpress',
$install_url = 'http://wordpress.org',
$version = '3.8',
$create_db = true,
$create_db_user = true,
$db_name = 'wordpress',
$db_host = 'localhost',
$db_user = 'wordpress',
$db_password = 'password',
$wp_owner = 'root',
$wp_group = '0',
$wp_lang = '',
$wp_config_content = undef,
$wp_plugin_dir = 'DEFAULT',
$wp_additional_config = 'DEFAULT',
$wp_table_prefix = 'wp_',
$wp_proxy_host = '',
$wp_proxy_port = '',
$wp_site_url = undef,
$wp_multisite = false,
$wp_site_domain = '',
$wp_debug = false,
$wp_debug_log = false,
$wp_debug_display = false,
) {
wordpress::instance { $install_dir:
install_dir => $install_dir,
install_url => $install_url,
version => $version,
create_db => $create_db,
create_db_user => $create_db_user,
db_name => $db_name,
db_host => $db_host,
db_user => $db_user,
db_password => $db_password,
wp_owner => $wp_owner,
wp_group => $wp_group,
wp_lang => $wp_lang,
wp_config_content => $wp_config_content,
wp_plugin_dir => $wp_plugin_dir,
wp_additional_config => $wp_additional_config,
wp_table_prefix => $wp_table_prefix,
wp_proxy_host => $wp_proxy_host,
wp_proxy_port => $wp_proxy_port,
wp_site_url => $wp_site_url,
wp_multisite => $wp_multisite,
wp_site_domain => $wp_site_domain,
wp_debug => $wp_debug,
wp_debug_log => $wp_debug_log,
wp_debug_display => $wp_debug_display,
}
}

135
modules/vulnerabilities/unix/webapp/wordpress/manifests/instance.pp Normal file
View File

@@ -0,0 +1,135 @@
# == Definition: wordpress::instance
#
# This module manages wordpress
#
# === Parameters
#
# [*install_dir*]
# Specifies the directory into which wordpress should be installed. Default:
# /opt/wordpress
#
# [*install_url*]
# Specifies the url from which the wordpress tarball should be downloaded.
# Default: http://wordpress.org
#
# [*version*]
# Specifies the version of wordpress to install. Default: 3.8
#
# [*create_db*]
# Specifies whether to create the db or not. Default: true
#
# [*create_db_user*]
# Specifies whether to create the db user or not. Default: true
#
# [*db_name*]
# Specifies the database name which the wordpress module should be configured
# to use. Required.
#
# [*db_host*]
# Specifies the database host to connect to. Default: localhost
#
# [*db_user*]
# Specifies the database user. Required.
#
# [*db_password*]
# Specifies the database user's password in plaintext. Default: password
#
# [*wp_owner*]
# Specifies the owner of the wordpress files. Default: root
#
# [*wp_group*]
# Specifies the group of the wordpress files. Default: 0 (*BSD/Darwin
# compatible GID)
#
# [*wp_lang*]
# WordPress Localized Language. Default: ''
#
#
# [*wp_plugin_dir*]
# WordPress Plugin Directory. Full path, no trailing slash. Default: WordPress Default
#
# [*wp_additional_config*]
# Specifies a template to include near the end of the wp-config.php file to add additional options. Default: ''
#
# [*wp_table_prefix*]
# Specifies the database table prefix. Default: wp_
#
# [*wp_proxy_host*]
# Specifies a Hostname or IP of a proxy server for Wordpress to use to install updates, plugins, etc. Default: ''
#
# [*wp_proxy_port*]
# Specifies the port to use with the proxy host. Default: ''
#
# [*wp_site_url*]
# If your WordPress server is behind a proxy, you might need to set the WP_SITEURL with this parameter. Default: `undef`
#
# [*wp_multisite*]
# Specifies whether to enable the multisite feature. Requires `wp_site_domain` to also be passed. Default: `false`
#
# [*wp_site_domain*]
# Specifies the `DOMAIN_CURRENT_SITE` value that will be used when configuring multisite. Typically this is the address of the main wordpress instance. Default: ''
#
# === Requires
#
# === Examples
#
define wordpress::instance (
$db_name,
$db_user,
$install_dir = $title,
$install_url = 'http://wordpress.org',
$version = '3.8',
$create_db = true,
$create_db_user = true,
$db_host = 'localhost',
$db_password = 'password',
$wp_owner = 'root',
$wp_group = '0',
$wp_lang = '',
$wp_config_content = undef,
$wp_plugin_dir = 'DEFAULT',
$wp_additional_config = 'DEFAULT',
$wp_table_prefix = 'wp_',
$wp_proxy_host = '',
$wp_proxy_port = '',
$wp_site_url = undef,
$wp_multisite = false,
$wp_site_domain = '',
$wp_debug = false,
$wp_debug_log = false,
$wp_debug_display = false,
) {
wordpress::instance::app { $install_dir:
install_dir => $install_dir,
install_url => $install_url,
version => $version,
db_name => $db_name,
db_host => $db_host,
db_user => $db_user,
db_password => $db_password,
wp_owner => $wp_owner,
wp_group => $wp_group,
wp_lang => $wp_lang,
wp_config_content => $wp_config_content,
wp_plugin_dir => $wp_plugin_dir,
wp_additional_config => $wp_additional_config,
wp_table_prefix => $wp_table_prefix,
wp_proxy_host => $wp_proxy_host,
wp_proxy_port => $wp_proxy_port,
wp_site_url => $wp_site_url,
wp_multisite => $wp_multisite,
wp_site_domain => $wp_site_domain,
wp_debug => $wp_debug,
wp_debug_log => $wp_debug_log,
wp_debug_display => $wp_debug_display,
}
wordpress::instance::db { "${db_host}/${db_name}":
create_db => $create_db,
create_db_user => $create_db_user,
db_name => $db_name,
db_host => $db_host,
db_user => $db_user,
db_password => $db_password,
}
}

146
modules/vulnerabilities/unix/webapp/wordpress/manifests/instance/app.pp Normal file
View File

@@ -0,0 +1,146 @@
define wordpress::instance::app (
$install_dir,
$install_url,
$version,
$db_name,
$db_host,
$db_user,
$db_password,
$wp_owner,
$wp_group,
$wp_lang,
$wp_config_content,
$wp_plugin_dir,
$wp_additional_config,
$wp_table_prefix,
$wp_proxy_host,
$wp_proxy_port,
$wp_site_url,
$wp_multisite,
$wp_site_domain,
$wp_debug,
$wp_debug_log,
$wp_debug_display,
) {
validate_string($install_dir,$install_url,$version,$db_name,$db_host,$db_user,$db_password,$wp_owner,$wp_group, $wp_lang, $wp_plugin_dir,$wp_additional_config,$wp_table_prefix,$wp_proxy_host,$wp_proxy_port,$wp_site_domain)
validate_bool($wp_multisite, $wp_debug, $wp_debug_log, $wp_debug_display)
validate_absolute_path($install_dir)
if $wp_config_content and ($wp_lang or $wp_debug or $wp_debug_log or $wp_debug_display or $wp_proxy_host or $wp_proxy_port or $wp_multisite or $wp_site_domain) {
warning('When $wp_config_content is set, the following parameters are ignored: $wp_table_prefix, $wp_lang, $wp_debug, $wp_debug_log, $wp_debug_display, $wp_plugin_dir, $wp_proxy_host, $wp_proxy_port, $wp_multisite, $wp_site_domain, $wp_additional_config')
}
if $wp_multisite and ! $wp_site_domain {
fail('wordpress class requires `wp_site_domain` parameter when `wp_multisite` is true')
}
if $wp_debug_log and ! $wp_debug {
fail('wordpress class requires `wp_debug` parameter to be true, when `wp_debug_log` is true')
}
if $wp_debug_display and ! $wp_debug {
fail('wordpress class requires `wp_debug` parameter to be true, when `wp_debug_display` is true')
}
## Resource defaults
File {
owner => $wp_owner,
group => $wp_group,
mode => '0644',
}
Exec {
path => ['/bin','/sbin','/usr/bin','/usr/sbin'],
cwd => $install_dir,
logoutput => 'on_failure',
}
## Installation directory
if ! defined(File[$install_dir]) {
file { $install_dir:
ensure => directory,
recurse => true,
}
} else {
notice("Warning: cannot manage the permissions of ${install_dir}, as another resource (perhaps apache::vhost?) is managing it.")
}
## tar.gz. file name lang-aware
if $wp_lang and $wp_lang != '' {
$install_file_name = "wordpress-${version}-${wp_lang}.tar.gz"
} else {
$install_file_name = "wordpress-${version}.tar.gz"
}
## Download and extract
exec { "Download wordpress ${install_url}/wordpress-${version}.tar.gz to ${install_dir}":
command => "wget ${install_url}/${install_file_name}",
creates => "${install_dir}/${install_file_name}",
require => File[$install_dir],
user => $wp_owner,
group => $wp_group,
}
-> exec { "Extract wordpress ${install_dir}":
command => "tar zxvf ./${install_file_name} --strip-components=1",
creates => "${install_dir}/index.php",
user => $wp_owner,
group => $wp_group,
}
~> exec { "Change ownership ${install_dir}":
command => "chown -R ${wp_owner}:${wp_group} ${install_dir}",
refreshonly => true,
user => $wp_owner,
group => $wp_group,
}
## Configure wordpress
#
concat { "${install_dir}/wp-config.php":
owner => $wp_owner,
group => $wp_group,
mode => '0755',
require => Exec["Extract wordpress ${install_dir}"],
}
if $wp_config_content {
concat::fragment { "${install_dir}/wp-config.php body":
target => "${install_dir}/wp-config.php",
content => $wp_config_content,
order => '20',
}
} else {
# Template uses no variables
file { "${install_dir}/wp-keysalts.php":
ensure => present,
content => template('wordpress/wp-keysalts.php.erb'),
replace => false,
require => Exec["Extract wordpress ${install_dir}"],
}
concat::fragment { "${install_dir}/wp-config.php keysalts":
target => "${install_dir}/wp-config.php",
source => "${install_dir}/wp-keysalts.php",
order => '10',
require => File["${install_dir}/wp-keysalts.php"],
}
# Template uses:
# - $db_name
# - $db_user
# - $db_password
# - $db_host
# - $wp_table_prefix
# - $wp_lang
# - $wp_plugin_dir
# - $wp_proxy_host
# - $wp_proxy_port
# - $wp_site_url
# - $wp_multisite
# - $wp_site_domain
# - $wp_additional_config
# - $wp_debug
# - $wp_debug_log
# - $wp_debug_display
concat::fragment { "${install_dir}/wp-config.php body":
target => "${install_dir}/wp-config.php",
content => template('wordpress/wp-config.php.erb'),
order => '20',
}
}
}

30
modules/vulnerabilities/unix/webapp/wordpress/manifests/instance/db.pp Normal file
View File

@@ -0,0 +1,30 @@
define wordpress::instance::db (
$create_db,
$create_db_user,
$db_name,
$db_host,
$db_user,
$db_password,
) {
validate_bool($create_db,$create_db_user)
validate_string($db_name,$db_host,$db_user,$db_password)
## Set up DB using puppetlabs-mysql defined type
if $create_db {
mysql_database { "${db_host}/${db_name}":
name => $db_name,
charset => 'utf8',
}
}
if $create_db_user {
mysql_user { "${db_user}@${db_host}":
password_hash => mysql_password($db_password),
}
mysql_grant { "${db_user}@${db_host}/${db_name}.*":
table => "${db_name}.*",
user => "${db_user}@${db_host}",
privileges => ['ALL'],
}
}
}

61
modules/vulnerabilities/unix/webapp/wordpress/metadata.json Normal file
View File

@@ -0,0 +1,61 @@
{
"name": "hunner-wordpress",
"version": "1.0.0",
"author": "Hunter Haugen",
"summary": "Puppet module to set up an instance of wordpress; and optionally a mysql db/user.",
"license": "Apache-2.0",
"source": "https://github.com/hunner/puppet-wordpress",
"dependencies": [
// {"name":"puppetlabs/concat", "version_requirement":">= 1.0.0"},
// {"name":"puppetlabs/mysql", "version_requirement":">= 2.1.0"},
// {"name":"puppetlabs/stdlib", "version_requirement":">= 2.3.1"}
],
"operatingsystem_support": [
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
"7"
]
},
{
"operatingsystem": "OracleLinux",
"operatingsystemrelease": [
"7"
]
},
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"7"
]
},
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
"7"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"8"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"16.04"
]
}
],
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 4.7.0 < 6.0.0"
}
],
"pdk-version": "1.4.1",
"template-url": "https://github.com/puppetlabs/pdk-templates",
"template-ref": "1.4.1-0-g52adbbb"
}

61
modules/vulnerabilities/unix/webapp/wordpress/secgen_metadata.xml Normal file
View File

@@ -0,0 +1,61 @@
<?xml version="1.0"?>
<vulnerability xmlns="http://www.github/cliffe/SecGen/vulnerability"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/vulnerability">
<name>wordpress</name>
<author>Thomas Shaw</author>
<module_license>MIT</module_license>
<description>wordpress</description>
<type>webapp</type>
<privilege>info_leak</privilege>
<access>remote</access>
<platform>linux</platform>
<read_fact>port</read_fact>
<read_fact>dbname</read_fact>
<read_fact>dbhost</read_fact>
<read_fact>dbuser</read_fact>
<read_fact>dbpass</read_fact>
<default_input into="port">
<value>80</value>
</default_input>
<default_input into="dbname">
<value>userspice</value>
</default_input>
<default_input into="dbhost">
<value>localhost</value>
</default_input>
<default_input into="dbuser">
<value>userspice</value>
</default_input>
<default_input into="dbpass">
<generator type="password_generator"/>
</default_input>
<reference>https://www.exploit-db.com/exploits/44101/</reference>
<hint>The authors of this website forgot to sanitise their database inputs!</hint>
<conflict>
<name>Wheezy</name>
</conflict>
<requires>
<module_path>.*/handy_cli_tools</module_path>
</requires>
<requires>
<module_path>.*/apache_kali.*</module_path>
</requires>
<requires>
<module_path>.*/mysql</module_path>
</requires>
</vulnerability>

15
modules/vulnerabilities/unix/webapp/wordpress/spec/acceptance/nodesets/centos-6-vcloud.yml Normal file
View File

@@ -0,0 +1,15 @@
HOSTS:
'centos-6-vcloud':
roles:
- master
platform: el-6-x86_64
hypervisor: vcloud
template: centos-6-x86_64
CONFIG:
type: foss
ssh:
keys: "~/.ssh/id_rsa-acceptance"
datastore: instance0
folder: Delivery/Quality Assurance/Enterprise/Dynamic
resourcepool: delivery/Quality Assurance/Enterprise/Dynamic
pooling_api: http://vcloud.delivery.puppetlabs.net/

102
modules/vulnerabilities/unix/webapp/wordpress/spec/acceptance/wordpress_spec.rb Normal file
View File

@@ -0,0 +1,102 @@
require 'spec_helper_acceptance'
describe "setting up a wordpress instance" do
it 'deploys a wordpress instance' do
pp = %{
class { 'apache':
mpm_module => 'prefork',
}
class { 'apache::mod::php': }
class { 'mysql::server': }
class { 'mysql::bindings': php_enable => true, }
host { 'wordpress.localdomain': ip => '127.0.0.1', }
apache::vhost { 'wordpress.localdomain':
docroot => '/opt/wordpress',
port => '80',
}
class { 'wordpress':
install_dir => '/opt/wordpress/blog',
require => Class['mysql::server'],
}
}
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
expect(shell("/usr/bin/curl wordpress.localdomain:80/blog/wp-admin/install.php").stdout).to match(/Install WordPress/)
end
it 'deploys two wordpress instances' do
pp = %{
class { 'apache':
mpm_module => 'prefork',
}
class { 'apache::mod::php': }
class { 'mysql::server': }
class { 'mysql::bindings': php_enable => true, }
host { 'wordpress1.localdomain': ip => '127.0.0.1', }
host { 'wordpress2.localdomain': ip => '127.0.0.1', }
apache::vhost { 'wordpress1.localdomain':
docroot => '/opt/wordpress1',
port => '80',
}
apache::vhost { 'wordpress2.localdomain':
docroot => '/opt/wordpress2',
port => '80',
}
wordpress::instance { '/opt/wordpress1/blog':
db_name => 'wordpress1',
db_user => 'wordpress1',
require => Class['mysql::server'],
}
wordpress::instance { '/opt/wordpress2/blog':
db_name => 'wordpress2',
db_user => 'wordpress2',
require => Class['mysql::server'],
}
}
expect(apply_manifest(pp, :catch_failures => true).stderr).to eq("")
expect(apply_manifest(pp, :catch_changes => true).stderr).to eq("")
expect(shell("/usr/bin/curl wordpress1.localdomain:80/blog/wp-admin/install.php").stdout).to match(/Install WordPress/)
expect(shell("/usr/bin/curl wordpress2.localdomain:80/blog/wp-admin/install.php").stdout).to match(/Install WordPress/)
end
it 'deploys a wordpress instance as the httpd user with a secure DB password and a specific location' do
pp = %{
class { 'apache':
mpm_module => 'prefork',
}
class { 'apache::mod::php': }
class { 'mysql::server': }
class { 'mysql::bindings::php': }
apache::vhost { 'wordpress.localdomain':
docroot => '/var/www/wordpress',
port => '80',
}
class { 'wordpress':
install_dir => '/var/www/wordpress/blog',
wp_owner => $apache::user,
wp_group => $apache::group,
db_name => 'wordpress',
db_host => 'localhost',
db_user => 'wordpress',
db_password => 'hvyH(S%t(\"0\"16',
}
}
pending
end
it 'deploys a wordpress instance with a remote DB'
it 'deploys a wordpress instance with a pre-existing DB'
it 'deploys a wordpress instance of a specific version'
it 'deploys a wordpress instance from an internal server'
end

36
modules/vulnerabilities/unix/webapp/wordpress/spec/classes/wordpress_spec.rb Normal file
View File

@@ -0,0 +1,36 @@
require 'spec_helper'
describe 'wordpress', :type => :class do
context "on a RedHat 5 OS" do
let :facts do
{
:osfamily => 'RedHat',
:lsbmajdistrelease => '5',
:concat_basedir => '/dne',
}
end
it { should contain_wordpress__instance__app("/opt/wordpress") }
it { should contain_wordpress__instance__db("localhost/wordpress") }
end
context "on a RedHat 6 OS" do
let :facts do
{
:osfamily => 'RedHat',
:lsbmajdistrelease => '6',
:concat_basedir => '/dne',
}
end
it { should contain_wordpress__instance__app("/opt/wordpress") }
it { should contain_wordpress__instance__db("localhost/wordpress") }
end
context "on a Debian OS" do
let :facts do
{
:osfamily => 'Debian',
:concat_basedir => '/dne',
}
end
it { should contain_wordpress__instance__app("/opt/wordpress") }
it { should contain_wordpress__instance__db("localhost/wordpress") }
end
end

8
modules/vulnerabilities/unix/webapp/wordpress/spec/default_facts.yml Normal file
View File

@@ -0,0 +1,8 @@
# Use default_module_facts.yml for module specific facts.
#
# Facts specified here will override the values provided by rspec-puppet-facts.
---
concat_basedir: "/tmp"
ipaddress: "172.16.254.254"
is_pe: false
macaddress: "AA:AA:AA:AA:AA:AA"

45
modules/vulnerabilities/unix/webapp/wordpress/spec/defines/wordpress_spec.rb Normal file
View File

@@ -0,0 +1,45 @@
require 'spec_helper'
describe 'wordpress::instance', :type => :define do
let :title do
'/opt/wordpress2'
end
let :params do
{
:db_user => 'test',
:db_name => 'test'
}
end
context "on a RedHat 5 OS" do
let :facts do
{
:osfamily => 'RedHat',
:lsbmajdistrelease => '5',
:concat_basedir => '/dne',
}
end
it { should contain_wordpress__instance__app("/opt/wordpress2") }
it { should contain_wordpress__instance__db("localhost/test") }
end
context "on a RedHat 6 OS" do
let :facts do
{
:osfamily => 'RedHat',
:lsbmajdistrelease => '6',
:concat_basedir => '/dne',
}
end
it { should contain_wordpress__instance__app("/opt/wordpress2") }
it { should contain_wordpress__instance__db("localhost/test") }
end
context "on a Debian OS" do
let :facts do
{
:osfamily => 'Debian',
:concat_basedir => '/dne',
}
end
it { should contain_wordpress__instance__app("/opt/wordpress2") }
it { should contain_wordpress__instance__db("localhost/test") }
end
end

4
modules/vulnerabilities/unix/webapp/wordpress/spec/spec.opts Normal file
View File

@@ -0,0 +1,4 @@
--format s
--colour
--loadby mtime
--backtrace

30
modules/vulnerabilities/unix/webapp/wordpress/spec/spec_helper.rb Normal file
View File

@@ -0,0 +1,30 @@
require 'puppetlabs_spec_helper/module_spec_helper'
require 'rspec-puppet-facts'
begin
require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
rescue LoadError => loaderror
warn "Could not require spec_helper_local: #{loaderror.message}"
end
include RspecPuppetFacts
default_facts = {
puppetversion: Puppet.version,
facterversion: Facter.version,
}
default_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_facts.yml'))
default_module_facts_path = File.expand_path(File.join(File.dirname(__FILE__), 'default_module_facts.yml'))
if File.exist?(default_facts_path) && File.readable?(default_facts_path)
default_facts.merge!(YAML.safe_load(File.read(default_facts_path)))
end
if File.exist?(default_module_facts_path) && File.readable?(default_module_facts_path)
default_facts.merge!(YAML.safe_load(File.read(default_module_facts_path)))
end
RSpec.configure do |c|
c.default_facts = default_facts
end

35
modules/vulnerabilities/unix/webapp/wordpress/spec/spec_helper_acceptance.rb Normal file
View File

@@ -0,0 +1,35 @@
require 'beaker-rspec/spec_helper'
require 'beaker-rspec/helpers/serverspec'
unless ENV['RS_PROVISION'] == 'no' or ENV['BEAKER_provision'] == 'no'
if hosts.first.is_pe?
install_pe
else
install_puppet({ :version => '3.6.2',
:facter_version => '2.1.0',
:hiera_version => '1.3.4',
:default_action => 'gem_install' })
hosts.each {|h| on h, "/bin/echo '' > #{h['hieraconf']}" }
end
hosts.each do |host|
on host, "mkdir -p #{host['distmoduledir']}"
on host, puppet('module','install','puppetlabs-stdlib'), :acceptable_exit_codes => [0,1]
on host, puppet('module','install','puppetlabs-concat'), :acceptable_exit_codes => [0,1]
on host, puppet('module','install','puppetlabs-mysql' ), :acceptable_exit_codes => [0,1]
on host, puppet('module','install','puppetlabs-apache'), :acceptable_exit_codes => [0,1]
end
end
RSpec.configure do |c|
# Project root
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
# Readable test descriptions
c.formatter = :documentation
# Configure all nodes in nodeset
c.before :suite do
# Install module and dependencies
puppet_module_install(:source => proj_root, :module_name => 'wordpress')
end
end

114
modules/vulnerabilities/unix/webapp/wordpress/templates/wp-config.php.erb Normal file
View File

@@ -0,0 +1,114 @@
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information
* by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don't have to use the web site, you can just copy this file
* to "wp-config.php" and fill in the values.
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', '<%= @db_name %>');
/** MySQL database username */
define('DB_USER', '<%= @db_user %>');
/** MySQL database password */
define('DB_PASSWORD', '<%= @db_password %>');
/** MySQL hostname */
define('DB_HOST', '<%= @db_host %>');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = '<%= @wp_table_prefix %>';
/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
* language support.
*/
define('WPLANG', '<%= @wp_lang %>');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* WP_DEBUG_LOG is a companion to WP_DEBUG that causes all errors to also be
* saved to a debug.log log file inside the /wp-content/ directory. This is
* useful if you want to review all notices later or need to view notices
* generated off-screen (e.g. during an AJAX request or wp-cron run).
*
* WP_DEBUG_DISPLAY is another companion to WP_DEBUG that controls whether
* debug messages are shown inside the HTML of pages or not. The default
* is 'true' which shows errors and warnings as they are generated. Setting
* this to false will hide all errors. This should be used in conjunction with
* WP_DEBUG_LOG so that errors can be reviewed later.
*/
define('WP_DEBUG', <%= @wp_debug %>);
define('WP_DEBUG_LOG', <%= @wp_debug_log %>);
define('WP_DEBUG_DISPLAY', <%= @wp_debug_display %>);
<% if @wp_plugin_dir != 'DEFAULT' %>
define('WP_PLUGIN_DIR', '<%= @wp_plugin_dir %>');
<% end %>
<% if @wp_proxy_host and ! @wp_proxy_host.empty? %>
/* Proxy Settings */
define('WP_PROXY_HOST', '<%= @wp_proxy_host %>');
<% if @wp_proxy_port and ! @wp_proxy_port.empty? %>
define('WP_PROXY_PORT', '<%= @wp_proxy_port %>');
<% end %>
<% end %>
<% if @wp_site_url %>
define('WP_SITEURL', '<%= @wp_site_url %>');
<% end %>
<% if @wp_multisite %>
/* Multisite */
define('WP_ALLOW_MULTISITE', true);
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', true);
define('DOMAIN_CURRENT_SITE', '<%= @wp_site_domain %>');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);
<% end %>
<% if @wp_additional_config != 'DEFAULT' -%>
<%= scope.function_template([@wp_additional_config]) %>
<% end -%>
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

21
modules/vulnerabilities/unix/webapp/wordpress/templates/wp-keysalts.php.erb Normal file
View File

@@ -0,0 +1,21 @@
<?php
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', '<%= (1..50).map{(rand(86)+40).chr}.join.gsub(/\\/,'\&\&') %>');
define('SECURE_AUTH_KEY', '<%= (1..50).map{(rand(86)+40).chr}.join.gsub(/\\/,'\&\&') %>');
define('LOGGED_IN_KEY', '<%= (1..50).map{(rand(86)+40).chr}.join.gsub(/\\/,'\&\&') %>');
define('NONCE_KEY', '<%= (1..50).map{(rand(86)+40).chr}.join.gsub(/\\/,'\&\&') %>');
define('AUTH_SALT', '<%= (1..50).map{(rand(86)+40).chr}.join.gsub(/\\/,'\&\&') %>');
define('SECURE_AUTH_SALT', '<%= (1..50).map{(rand(86)+40).chr}.join.gsub(/\\/,'\&\&') %>');
define('LOGGED_IN_SALT', '<%= (1..50).map{(rand(86)+40).chr}.join.gsub(/\\/,'\&\&') %>');
define('NONCE_SALT', '<%= (1..50).map{(rand(86)+40).chr}.join.gsub(/\\/,'\&\&') %>');
/**#@-*/

7
modules/vulnerabilities/unix/webapp/wordpress/tests/init.pp Normal file
View File

@@ -0,0 +1,7 @@
class { 'wordpress':
install_dir => '/var/www/wordpress',
db_name => 'wordpress',
db_host => 'localhost',
db_user => 'wordpress',
db_password => 'insecure password',
}

16
modules/vulnerabilities/unix/webapp/wordpress/wordpress.pp Normal file
View File

@@ -0,0 +1,16 @@
class { 'apache':
mpm_module => 'prefork',
}
class { 'apache::mod::php': }
class { 'mysql::server': }
class { 'mysql::bindings': php_enable => true, }
apache::vhost { 'wordpress':
docroot => '/opt/wordpress',
port => '80',
}
class { 'wordpress':
# version => '3.4',
}