diff --git a/src/XCCDF_POLICY/xccdf_policy_remediate.c b/src/XCCDF_POLICY/xccdf_policy_remediate.c
index f59737727..19bb59f2e 100644
--- a/src/XCCDF_POLICY/xccdf_policy_remediate.c
+++ b/src/XCCDF_POLICY/xccdf_policy_remediate.c
@@ -139,11 +139,10 @@ static int _write_remediation_to_fd_and_free(int output_fd, const char* template
 free(text);
 return 1;
 }
-
- if (_write_text_to_fd(output_fd, "\n") != 0) {
- free(text);
- return 1;
- }
+ }
+ if (_write_text_to_fd(output_fd, "\n") != 0) {
+ free(text);
+ return 1;
 }
 if (next_delim != NULL) {
diff --git a/tests/API/XCCDF/unittests/CMakeLists.txt b/tests/API/XCCDF/unittests/CMakeLists.txt
index 2a56d3cdc..05ddea219 100644
--- a/tests/API/XCCDF/unittests/CMakeLists.txt
+++ b/tests/API/XCCDF/unittests/CMakeLists.txt
@@ -18,6 +18,7 @@ if(PYTHONINTERP_FOUND)
 add_oscap_test("all_python.sh")
 endif()
+add_oscap_test("test_ansible_yaml_block_scalar.sh")
 add_oscap_test("test_xccdf_shall_pass1.sh")
 add_oscap_test("test_xccdf_shall_pass2.sh")
 add_oscap_test("test_xccdf_shall_pass3.sh")
diff --git a/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.playbook.yml b/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.playbook.yml
new file mode 100644
index 000000000..dd0276739
--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.playbook.yml
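Review bot: The relocated `_write_text_to_fd(output_fd, "\n")` call in xccdf_policy_remediate.c carries no comment saying why the newline is now written outside the preceding block, so a later cleanup could easily fold it back in. Judging by the test added in this commit, the reason appears to be that empty lines inside a YAML block scalar (`content: |+`) must survive into the generated playbook; a comment such as `/* Always terminate the line, even an empty one: blank lines in a YAML block scalar are significant. */` above the call would record that. The `free(text); return 1;` error path is also repeated once more here, and a single cleanup label would keep ownership of `text` in one place. The enclosing function and the condition guarding the preceding block lie outside this hunk, so the exact guard is not visible here.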
@@ -0,0 +1,37 @@
+---
+
+
+- hosts: all
+ vars:
+ tasks:
+ - name: Make sure contents of /etc/audit/rules.d/10-base-config.rules are as expected
+ copy:
+ dest: /etc/audit/rules.d/10-base-config.rules
+ content: |+
+ ## First rule - delete all
+ -D
+
+ ## Increase the buffers to survive stress events.
+ ## Make this bigger for busy systems
+ -b 8192
+
+ ## This determine how long to wait in burst of events
+ --backlog_wait_time 60000
+
+ ## Set failure mode to syslog
+ -f 1
+
+
+ force: true
+ when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "docker"
+ tags:
+ - audit_basic_configuration
+ - medium_severity
+ - restrict_strategy
+ - low_complexity
+ - low_disruption
+ - no_reboot_needed
+ - CCE-82462-3
+ - NIST-800-53-AU-2(a)
+
+
diff --git a/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.sh b/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.sh
new file mode 100755
index 000000000..4ca5b3be5
--- /dev/null
+++ b/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+. $builddir/tests/test_common.sh
+
+set -e
+set -o pipefail
+
+profile="xccdf_moc.elpmaxe.www_profile_standard"
+
+name=$(basename $0 .sh)
+stderr=$(mktemp -t ${name}.err.XXXXXX)
+playbook=$(mktemp -t ${name}.yml.XXXXXX)
+playbook_without_header=$(mktemp -t ${name}.yml.XXXXXX)
+
+# Generate an Ansible playbook from a profile in SDS file
+$OSCAP xccdf generate fix --profile $profile --fix-type ansible "$srcdir/$name.xccdf.xml" >$playbook 2>$stderr
+sed '/^#/d' $playbook > $playbook_without_header
+diff -u $playbook_without_header $srcdir/$name.playbook.yml
+[ -f $stderr ]; [ ! -s $stderr ]; rm $stderr
+
+rm $playbook
+rm $playbook_without_header
diff --git a/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.xccdf.xml b/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.xccdf.xml
new file mode 100644
index 000000000..81b2adfd4
--- /dev/null
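Review bot: In test_ansible_yaml_block_scalar.sh the three `mktemp` files are removed only on the success path, so under `set -e` a failing `$OSCAP` call or `diff` exits before the `rm` lines and before anything captured in `$stderr` is shown. Registering `trap 'rm -f "$stderr" "$playbook" "$playbook_without_header"' EXIT` right after the `mktemp` calls would cover every exit path, and printing the stderr file before failing would make a broken run diagnosable. Most expansions are unquoted (`$0`, `$playbook`, `$stderr`, `$srcdir/$name.playbook.yml`); quoting them, e.g. `diff -u "$playbook_without_header" "$srcdir/$name.playbook.yml"`, keeps the test working when the source or temporary directory contains spaces. The line `[ -f $stderr ]; [ ! -s $stderr ]; rm $stderr` packs two assertions and a cleanup together and would be clearer split up, with a short comment that stderr is expected to be empty.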
+++ b/tests/API/XCCDF/unittests/test_ansible_yaml_block_scalar.xccdf.xml
@@ -0,0 +1,48 @@
+
+
+ incomplete
+ Security Benchmark
+ A sample benchmark
+ 1.0
+
+ Standard System Security Profile
+ This profile contains rules to ensure standard security baseline of your system.
+