class RuboCop::Cop::Chef::Modernize::WindowsRegistryUAC

Chef Infra Client 15.0 and later includes a windows_uac resource that should be used to set Windows UAC values instead of setting registry keys directly.

@example

#### incorrect
registry_key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' do
  values [{ name: 'EnableLUA', type: :dword, data: 0 },
          { name: 'PromptOnSecureDesktop', type: :dword, data: 0 },
          { name: 'ConsentPromptBehaviorAdmin', type: :dword, data: 0 },
         ]
  action :create
end

#### correct
windows_uac 'Set Windows UAC settings' do
  enable_uac false
  prompt_on_secure_desktop true
  consent_behavior_admins :no_prompt
end

Constants

MSG
RESTRICT_ON_SEND
VALID_VALUES

Public Instance Methods

correct_key?(node) click to toggle source

make sure the registry_key resource is running against the correct key check the block name and the key property (registry_key’s name property)

# File lib/rubocop/cop/chef/modernize/windows_registry_uac.rb, line 79
def correct_key?(node)
  return true if node.send_node.arguments.first.source.match?(/(HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System/i)

  match_property_in_resource?(:registry_key, 'key', node) do |key_prop|
    property_data = method_arg_ast_to_string(key_prop)
    return true if property_data && property_data.match?(/(HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System/i)
  end
  false
end
on_block(node) click to toggle source

block registry_key resources

# File lib/rubocop/cop/chef/modernize/windows_registry_uac.rb, line 53
def on_block(node)
  return unless node.method?(:registry_key)
  return unless correct_key?(node)
  return unless uac_supported_values?(node)
  add_offense(node, severity: :refactor)
end
uac_supported_values?(node) click to toggle source

make sure the values passed are all the ones in the uac resource this key has other values we don’t support in the windows_uac resource

# File lib/rubocop/cop/chef/modernize/windows_registry_uac.rb, line 62
def uac_supported_values?(node)
  match_property_in_resource?(:registry_key, 'values', node) do |val_prop|
    return false unless val_prop&.arguments[0].array_type? # make sure values isn't being passed a variable or method
    val_prop.arguments[0].each_value do |array|
      array.each_pair do |key, value|
        if key == s(:sym, :name)
          return false unless value.str_type? # make sure it isn't being a variable or method that we can't parse
          return false unless VALID_VALUES.include?(value.value)
        end
      end
    end
  end
  true
end