From 62082b7c8bdb82ebc956d0bd519695d150f515ba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Fri, 21 Jun 2019 14:31:07 +0200
Subject: [PATCH] Made oscap-ssh to work with shell-sensitive args.

Fixes e.g. the problem of oscap arguments -p (all).
Now, (all) is escaped, so it not intercepted by the shell.
---
 utils/oscap-ssh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/utils/oscap-ssh b/utils/oscap-ssh
index 6d60a369e..658cc2ee4 100755
--- a/utils/oscap-ssh
+++ b/utils/oscap-ssh
@@ -115,6 +115,13 @@ function scp_retreive_from_temp_dir {
     scp -o ControlPath="$MASTER_SOCKET" -P "$SSH_PORT" $SSH_ADDITIONAL_OPTIONS "$SSH_HOST:$REMOTE_TEMP_DIR/$1" "$2"
 }
 
+# $1: The name of the array holding command elements
+# Returns: String, where individual command components are double-quoted, so they are not interpreted by the shell.
+#  For example, an array ('-p' '(all)') will be transformed to "\"-p\" \"(all)\"", so after the shell expansion, it will end up as "-p" "(all)".
+function command_array_to_string {
+	eval "printf '\"%s\" ' \"\${$1[@]}\""
+}
+
 function first_argument_is_sudo {
 	[ "$1" == "sudo" ] || [ "$1" == "--sudo" ]
 	return $?
@@ -273,7 +280,7 @@ echo "Starting the evaluation..."
 # changing directory because of --oval-results support. oval results files are
 # dumped into PWD, and we can't be sure by the file names - we need controlled
 # environment
-ssh_execute_with_command_and_options "cd $REMOTE_TEMP_DIR; $OSCAP_SUDO oscap ${oscap_args[*]}" "$SSH_TTY_ALLOCATION_OPTION"
+ssh_execute_with_command_and_options "cd $REMOTE_TEMP_DIR; $OSCAP_SUDO oscap $(command_array_to_string oscap_args)" "$SSH_TTY_ALLOCATION_OPTION"
 OSCAP_EXIT_CODE=$?
 echo "oscap exit code: $OSCAP_EXIT_CODE"