From 12732a5c15ed5a2610449da406e6f04d3dfd71d9 Mon Sep 17 00:00:00 2001 From: Markus Linnala Date: Sat, 20 Aug 2022 11:49:17 +0300 Subject: [PATCH] fix: oscap-ssh: extend command_array_to_string coverage to sudo This ensures whole command is quoted. --- utils/oscap-ssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/oscap-ssh b/utils/oscap-ssh index a641498909..4e6dc7f9c2 100755 --- a/utils/oscap-ssh +++ b/utils/oscap-ssh @@ -303,7 +303,7 @@ echo "Starting the evaluation..." # changing directory because of --oval-results support. oval results files are # dumped into PWD, and we can't be sure by the file names - we need controlled # environment -ssh_execute_with_command_and_options "cd $REMOTE_TEMP_DIR || exit 1; umask 022; ${OSCAP_SUDO[@]} scap $(command_array_to_string "${oscap_args[@]}")" "$SSH_TTY_ALLOCATION_OPTION" +ssh_execute_with_command_and_options "cd $REMOTE_TEMP_DIR || exit 1; umask 022; $(command_array_to_string "${OSCAP_SUDO[@]}" scap "${oscap_args[@]}")" "$SSH_TTY_ALLOCATION_OPTION" OSCAP_EXIT_CODE=$? echo "oscap exit code: $OSCAP_EXIT_CODE"