Merge pull request #926 from chef/security

Minor updates for the security cops
chef · Jan 14, 2022 · 5898671 · 5898671
2 parents 92ff94f + 4f86550
commit 5898671
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/.github/ISSUE_TEMPLATE/NEW_COP_REQUEST.md b/.github/ISSUE_TEMPLATE/NEW_COP_REQUEST.md
@@ -15,6 +15,7 @@ Please try to select as few as possible.
 - [ ] Chef/Modernize - A cop that alerts when a cookbook can be simplified or modernized with new functionality
 - [ ] Chef/Effortless - A cop that alerts on code that must be resolved to move to the Effortless pattern
 - [ ] Chef/RedundantCode - A cop that detects redundant code regardless of Chef Infra release
+- [ ] Chef/Security - A cop that detects potential security issues like secrets in your code
 - [ ] InSpec/Deprecations - A cop that alerts on a deprecation in the Chef InSpec 
 
 ### Describe the new cop:

diff --git a/lib/rubocop/cop/chef/security/ssh_private_key.rb b/lib/rubocop/cop/chef/security/ssh_private_key.rb
@@ -24,12 +24,10 @@ module Security
         # @example
         #
         #   #### incorrect
-        #   ```ruby
         #   file '/Users/bob_bobberson/.ssh/id_rsa' do
         #     content '-----BEGIN RSA PRIVATE KEY-----\n...\n-----END RSA PRIVATE KEY-----'
         #     mode '600'
         #   end
-        #   ```
         #
         class SshPrivateKey < Base
           MSG = 'Do not include plain text SSH private keys in your cookbook code. This sensitive data should be fetched from secrets management systems so that secrets are not uploaded in plain text to the Chef Infra Server or committed to source control systems.'