Create a Vale rule set for CustomerSensitiveData

[aireilly]

URLs

\b(?:http:\/\/)?(www\.)?(?:[^\s]+)(?:\.[a-zA-Z]{2,3})\b

Allowed

- redhat.com
- hostname
- example.com
- example.net
- example.org
- access.redhat.com
- server.log
- www.redhat.com
- bugzilla.redhat.com
- config.get
- http://access.redhat.com
- https://access.redhat.com
- https://www.redhat.com
- http://www.redhat.com
- agent.log
- rhqctl.log
- rhq-storage.log
- rhq-client.log
- www.example.com
- http://www.example.com
- https://www.example.com
- \*.redhat.com
- node\*.example.com
- \*.openshift.com
- \*.log
- \*.img
- \*.out
- \*.bin
- \*.cfg
- \*.png
- \*.gif
- \*.jpg
- \*.rhq
- \*.jar
- \*.msc
- \*.txt
- \*.pdf
- \*.tar
- \*.gz
- \*.java
- \*.yml
- \*.xml
- \*.csv
- \*.py
- \*.zip
- \*.jpeg
- \*.doc
- \*.docx
- \*.xls
- \*.xlsx
- \*.ppt
- \*.pps
- \*.odt
- \*.ods
- \*.odp
- \*.tgz
- \*.bz
- \*.cpp
- \*.bz2
- \*.sh
- \*.stp
- \*.rtf
- \*.sql

IP addresses

\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}

Allowed

- 10.0.0.0
- 10.0.0.0/24
- 192.0.2.0
- 198.51.100.0
- 203.0.113.0
- 127.*.*.*
- 0.*.*.*
- 224.*.*.*
- 255.*.*.*

MAC addresses separated by ":", ".", or "-"

[a-zA-Z\d]{2}\:[a-zA-Z\d]{2}\:[a-zA-Z\d]{2}\:[a-zA-Z\d]{2}\:[a-zA-Z\d]{2}\:[a-zA-Z\d]{2}
[a-zA-Z\d]{2}-[a-zA-Z\d]{2}-[a-zA-Z\d]{2}-[a-zA-Z\d]{2}-[a-zA-Z\d]{2}
[a-zA-Z\d]{2}\.[a-zA-Z\d]{2}\.[a-zA-Z\d]{2}\.[a-zA-Z\d]{2}\.[a-zA-Z\d]{2}\.[a-zA-Z\d]{2}

Allowed

- 00:00:00:00:00:aa
- 00:00:00:00:00:bb
- 00-00-00-00-00-aa
- 00-00-00-00-00-bb
- 00.00.00.00.00.aa
- 00.00.00.00.00bb

TODO/Investigate

• LUN WWIDs - world wide ids can be used to identify the linux device. Can we suggest a randomly generated WWID or a default pattern? Simplify down to something like 3600000000000000000aaaaaaaaaaaaaa.
  If differentiation is required, the end characters can be changed like 3600000000000000000bbbbbbbbbbbbbb
• System hostnames - Replace with hostname, or if differentiation is required, node2.example.com, rhevh1.example.com, etc.
• Customer made applications - Do not publish the names of the applications developed by the customers exclusively for themselves. Replace such names with a generic reference such as "the custom application."
• Certificates - Replace with a generic name.

[ccoVeille]

The link is behind a login page, so somehow limited.

Could you please complete they issue description to provide meaningful information ? thanks

[aireilly]

Yes I will collate a list for discussion here.

[aireilly]

Also create a customer sensitive information in YAML CR Vale rule for code samples. See #825

The rule would work by suggesting a generic title for all name fields. Could be adapted for other fields too.