Blame SOURCES/scap-security-guide-0.1.40-fix-login_d_umask-2.patch
From 95e9d5130f7b20677af0fd8b23b8fb2ad0900d5b Mon Sep 17 00:00:00 2001
From: Martin Preisler <mpreisle@redhat.com>
Date: Tue, 26 Jun 2018 13:28:20 -0400
Subject: [PATCH] To be on the safe side, force ansible XCCDFs to be
interpreted as strings
Avoid quotes though because that enables all sorts of escaping rules
that we would have to work around.
---
ssg/build_remediations.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/shared/utils/combine-remediations.py
index ece3765d56..5f61982750 100644
--- a/shared/utils/combine-remediations.py
+++ b/shared/utils/combine-remediations.py
@@ -190,11 +190,15 @@ def expand_xccdf_subs(fix, remediation_type, remediation_functions):
"substituting directly."
)
+ # we use the horrid "!!str |-" syntax to force strings without using
+ # quotes. quotes enable yaml escaping rules so we'd have to escape all
+ # the backslashes and at this point we don't know if there are any.
fix_text = re.sub(
r"- \(xccdf-var\s+(\S+)\)",
r"- name: XCCDF Value \1 # promote to variable\n"
r" set_fact:\n"
- r' \1: "(ansible-populate \1)"\n'
+ r" \1: !!str |-\n"
+ r" (ansible-populate \1)\n"
r" tags:\n"
r" - always",
fix_text
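Review bot: A populated value that contains a newline or begins with spaces would break out of the `!!str |-` block scalar added under `set_fact`, because a literal block scalar ends at the first line indented less than its content and takes its indentation from the first non-empty line. The text later substituted for `(ansible-populate \1)` is produced outside this hunk, so it should be confirmed that values are single-line there or are re-indented before insertion; otherwise the remainder would presumably be parsed as YAML structure of the task rather than as data. At minimum I would extend the new comment with `# NOTE: assumes the populated value is one line with no leading whitespace; a multi-line value would end the block scalar early.` The `!!str` tag also looks redundant, since a literal block scalar already resolves to a string, though it is harmless. expand_xccdf_subs starts and ends outside the hunk.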